When running a business, there are always risks involved. But when resources are tight, efforts tend to be focused on new technologies rather than making sure current systems are safe and secure.

Central to most businesses is the storage, sharing, and use of data and information, yet it’s becoming increasingly important to keep your data secure. Cybercriminals are finding ever more sophisticated ways of hacking and carrying out data theft, leading to nasty issues: theft of sensitive data, loss of records, and huge charges in ransomware and malware scams.

It’s becoming clear to us here at Equity that businesses are under increasing pressure to gain cyber security certification, such as Cyber Essentials. This goes to show that security is at the forefront of businesses’ and consumers’ minds.

So, if you want to start prioritising your cybersecurity rather than leaving it to chance, here are our top cyber security tips you can follow right away:

1. Don’t think that you are not a target for hackers

The first cybersecurity mistake businesses make is that they believe they’re not at risk. Small businesses in particular tend to think that they’re not worth the hacker’s time and effort.

This couldn’t be further from the truth. Not only do cybercriminals attack any given target, but they’ll often pinpoint the smaller businesses that have under-prioritised their security. In fact, according to a recent report, SMEs are three times more likely to experience a cyber attack and an employee of a small business will experience 350% more social engineering attacks than an employee of a larger organisation.

2. Update your hardware and software

When you leave your hardware to go out-of-date, you can inadvertently invite cybersecurity breaches. Outdated hardware might not support recent software security upgrades and may also respond more slowly to cyberattacks, should they happen.

In addition, it’s imperative that you keep your software, particularly your anti-virus option, updated to ensure your systems are kept protected.

3. Anti-virus and firewalls are your friends

Anti-virus software is there to detect and counteract threats to your network or systems: malicious browser helper objects, browser hijackers, worms, ransomware, dialers, fraud tools, spyware and adware. And, whilst using an anti-virus across your business systems incurs a cost, it’s just a fraction of the price you’d pay should a successful attack occur, not to mention the disruption to your business and the loss of business as a result of reduced customer confidence.

Anti-virus software works best in conjunction with a firewall which will provide more complete protection against cyber threats. While the anti-virus protects your hardware, the firewall protects the network on which the hardware is running.

Once you’ve installed both protective tools, ensure you’ve adjusted the settings according to what the manufacturer recommends, and make sure to update your protection regularly.

4. Watch the links carefully

Phishing scams – the technique used by criminals to trick you into handing over sensitive or personal data – are the most prevalent method of cybercrime and account for 80% of successful attacks.

These scams usually arrive as an email in which recipients are asked to visit a URL or open an attachment to “update” or “verify” their details. The URL will be designed to harvest your data, while an attachment will usually be malware used to infect your device.

The most basic advice to small businesses is that, if an email looks suspicious, don’t open it, let alone click on a link or open an attachment. Even if an email looks a bit like it comes from a reputable company but something seems “off”, resist the urge to open it. Instead, delete and report the email as spam.

You can also click on the sender’s name in the email to check that their email is consistent with the organisation they’re claiming to come from. If the email address doesn’t match up you’ll know that there’s something wrong.
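The same check can be automated in a mail filter or reporting tool. The Python below is an added example, not part of the original article; the organisation names, the `.example` domains and the `KNOWN_SENDERS` allow-list are constructed assumptions.

```python
from email.utils import parseaddr

# Assumed allow-list: organisation name -> domains it really sends from.
# Constructed sample data; replace with the organisations you deal with.
KNOWN_SENDERS = {
    "example bank": {"examplebank.example"},
    "parcel co": {"parcelco.example"},
}

# Constructed From headers, as they would appear in received mail.
SAMPLES = [
    'Example Bank <alerts@examplebank.example>',
    '"Example Bank Security" <verify@examplebank.example.login-check.example>',
    'Parcel Co <noreply@mail.parcelco.example>',
    'Parcel Co <parcelco.example@freemail.example>',
    'Jane Smith <jane@supplier.example>',
]


def domain_matches(domain, legit):
    """True if domain is a legitimate domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in legit)


def check_sender(from_header):
    """Compare the name a sender displays with the address actually used.

    Returns "match", "mismatch", or "unknown" (the display name claims no
    organisation on the allow-list, so there is nothing to compare).
    """
    display, address = parseaddr(from_header)
    # Everything after the last "@" is the sending domain.
    domain = address.rpartition("@")[2].lower().rstrip(".")
    claimed = display.lower()
    for org, legit in KNOWN_SENDERS.items():
        if org in claimed:
            ok = bool(domain) and domain_matches(domain, legit)
            return "match" if ok else "mismatch"
    return "unknown"


if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):9} {header}")
```

A "match" only means the visible address is consistent with the displayed name. The From header can itself be forged, so this complements rather than replaces your mail provider's SPF, DKIM and DMARC checks.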

For more long-term protection against phishing scams, businesses should implement company-wide training to arm their teams with the ability to spot and deal with scams if and when they arise.

5. Don’t ignore 2-Factor Authentication

To protect your online accounts (particularly the most important ones) from hacking, it’s a good idea to set up multi-factor authentication when you log on.

Multi-factor authentication is simply the login process requiring you to enter both your password and a one-time passcode sent to another device or email account. When you log into an email account, say, you may be asked to enter your usual password, and then you’ll be sent a text onto your phone which you’ll also have to input. Only when you’ve entered both passcodes will you be allowed into your account.

It’s easy to see why setting up multi-factor authentication would be an important step in improving your cyber security. It makes it impossible for a hacker to penetrate your account remotely, as they’d need to be able to access both your password and your text in order to get into your account.

That said, if your business uses sensitive data, you may want to protect these accounts by ensuring they’re set up with two-factor authentication and that access is only given to the people who really need it.

6. Use strong passwords

It goes without saying that strong passwords are essential to your online security. This doesn’t mean you must use a random mix of arbitrary upper and lower case letters, numbers and symbols. Instead, simply:

  • Use a different memorable password for each account
  • Avoid using the same password twice
  • Use at least one upper case letter, one lower case letter, one number and four symbols.
  • Reset your password when you forget it, and change it once a year as standard
  • Consider a company-wide password manager such as https://www.lastpass.com/.

7. Don’t forget about the backups

Whatever the nature of the security breach, data is often the biggest casualty of a successful attack. And, if your business stores large amounts of data, especially sensitive information like financial details, these losses can be catastrophic to the survival of your organisation.

Ransomware or malware attacks can be mitigated by scrubbing your data and reinstating it from your most recent backup.

By regularly backing up your data, or better still, enlisting the help of an IT support company like Equity to do this for you, you significantly reduce the impact of a security breach on your business.

Ideally, back up your data online and/or on an external device not permanently connected to your network as well as on your computer, and perform regular backups (at least once a day if possible). Also, beware of keeping your device permanently connected to the internet while you’re still connected to an external hard drive. Ransomware and malware can go straight to the external hard drive and attack your backups, leaving you in a worse position.

8. Choose a VPN

VPNs – or Virtual Private Networks – are a means by which small businesses can allow their employees to work remotely whilst keeping their systems and devices secure. When your teams are working remotely, they may be accessing and exchanging sensitive data whilst connected to a larger network, creating weaknesses in the company’s security.

Start by selecting the VPN you want your staff to use, ideally not free software as these may not be robust enough. Next, install the VPN across your company devices so that your teams can turn on the VPN whenever they access sensitive information or are connected to external WiFi.

9. Track your devices

When you’re running a small business, particularly in a remote or hybrid working environment, it’s important that all your assets and devices are accounted for. As soon as your company devices are off-site, they are instantly vulnerable to being lost or stolen.

In these instances, it’s crucial you can lock or erase data remotely to save any major disaster. Equip these devices with appropriate tools to allow you to track and lock them if they get into the wrong hands.

10. Train your employees

Whatever cybersecurity strategy you have in place, it’s almost entirely pointless if it’s not communicated to your employees. Because every business should expect its staff to be responsible for the security of its systems, it is logical that those people should be regularly trained in the company’s security protocols.

Start by drawing up those security protocols. They should be clear about exactly what is expected of each member of staff and act as a reference point staff can use if they need to. If possible, use screenshots or video tutorials to explain action points.

When onboarding new staff, make sure every new person is provided with the security protocol and understands it fully. Ideally, robust security training will be included in your onboarding process and as a regular part of continuous development across your teams. Whether you carry out your training yourself or hire an IT support company to manage this for you, a twice-yearly pan-company security training is a good course of action.

In summary

These are our top ten cybersecurity tips that you can use as a starting point for your business. But if you’re looking for some extra advice and support, why not chat to Equity where we can help find the right cyber security solution for you?

We’re currently offering a Cyber Security package which can be paid for monthly and can include Cyber Essentials accreditation. The contract is fully flexible so, for a monthly fee, you can pick and choose which elements of cyber security you want to focus on, from Cyber Essentials accreditation to 2-factor authentication, and password management.