Tips for Improving Cyber Security for Small Business

In the wake of the COVID-19 outbreak, we saw a massive uptick in sophisticated phishing email schemes. Google blocked over 18 million coronavirus phishing attempts each day at the beginning of the pandemic crisis. Cybercriminals never lose out on an opportunity even when it comes at the cost of a global crisis and tragedy. In fact, cybercrimes overall saw a massive surge in recent times with 54% of companies experiencing an industrial control system security incident. Moreover, even as five-year spending forecasts (to 2025) in cyber security point to well over $1 trillion in security expenditure – not all companies are spending enough on security to keep their network and data protected. Cyber-crime is expected to breach an estimated 33 billion records in 2023.


Advertisement


Small businesses face grave cyber security risks

The situation is particularly dire for small and medium businesses with recent data indicating that 70% of small businesses unprepared to deal with a cyber-attack and 51% still not allocating any budget to cyber security. No matter how small your operation may seem compared to the massive size of MNCs, fact remains that 43% of cyber-attacks always target small business. As small businesses rarely have enough spend in cyber security and simply are too unequipped to deal with increasingly sophisticated cyber-attack tactics – the data accumulated by small businesses form a highly lucrative target for attackers. Compare this state of affairs with the average cost of a malware attack on a company that is currently around $2.4 million and the situation looks quite dire.

The types of cyber-attacks on small businesses can be classified into the following categories according to the percentage of prevalence of attacks:

  • Web-based attack 49%
  • Phishing / social engineering 43%
  • General malware 35%
  • SQL injection 26%
  • Compromised / stole devices 25%
  • Denial of services 21%
  • Advance malware / zero day attacks 14%
  • Malicious insider 13%
  • Cross-site scripting 11%
  • Ransomware 2%
  • Other 1%

Most small businesses unfortunately persist in the mindset of ‘flying under the radar’ on the virtue of being small. In fact, 69% of small businesses persist in not strictly enforcing password policies. 16% of small businesses also report that they reviewed their cyber security posture only after a major security incident. Managed IT Services Vancouver can be a great resource for small businesses looking to secure their networks against rising cyber security threats.

Tips for Improving Small Business Cyber Security

  • Use layered security for limited access – Layering your security architecture can help keep your most valuable data safe even in the case of a breach. This can involve providing access to sensitive information strictly on a need-to-know basis. You can also use additional levels of protection, such as, additional passwords, encryption etc. Layered security can include the following:
  • Asset inventory – Regular comprehensive review of all your hardware and software to ensure they optimal performance and security. An updated inventory of all sensitive and mission-critical data and periodic check of user accounts to delete inactive accounts help against data and credential theft.
  • Perimeter and network security – Dividing your network into zones with different access and security levels can help contain threats when they do breach your defenses. Review of your SQL code and using web application firewalls can help prevent malicious attacks.
  • Activity auditing – Regular monitoring and review of data and network activity can help pinpoint exact user access and flag any suspicious activity.

  • Use Enterprise-grade firewalls – Enterprise-grade firewalls are different from regular firewalls in that they provide stronger monitoring and more efficient traffic management than basic ones. They act as your first level of defense against malicious traffic inflow and prevent accidental clicks to compromised websites.
  • Have a strong Mobile Device Policy – With remote work and anywhere operations, most employees now use mobile devices for office work. Using work email on mobile devices can pose particular security concerns with access to sensitive data off-premise. You should be highly careful in ensuring strong data encryption, install security apps to monitor usage on these devices and of course, use strong password protection.
  • Hire Outsourced Managed IT Services – If you have read this far and are already overwhelmed by the measures required and/ or estimated budgets needed to shore up your defenses against cyber security threats, you should seriously consider reaching out to a local managed services provider in IT Support Vancouver. They can provide you with much needed guidance on your business risk profile and help you with the latest defensive strategies, tools, and technologies – all at highly predictable, and manageable monthly rates.

  • Centralize hardware management – Please ensure that you have centralized management dashboard of all on-site hardware (including mobile devices) with set baseline configurations. A thorough asset inventory can really help keep track of your equipment, and all network logs should be audited to trace any unauthorized device access.
  • Strengthen your password policy – Apart from enforcing a strong password policy at the workplace, you should ask all users to change their passwords mandatorily at regular intervals. You can also use complex password generator tool for assistance in creating unique, but strong user passwords including a combination of capital and lowercase letters, numbers, and special characters.

  • Adapt and enforce Zero Trust policy – While the concept of zero trust policies are still fairly new, they are highly useful in ensuring enterprise data and network protection. This involves providing users with data and access (to systems, applications and databases) on a strict need-to-know basis. Strict enforcement of zero trust limits the perimeter of damages incurred through breaches, credential theft and user violations (accidental or deliberate).

  • Regular Data Backups – Consider automating your backup processes and at least, create regular backups with mandatory offsite storage. In case of a disaster event or a full network attack, such as a ransomware event, you can ensure business continuity and uninterrupted services with offsite backups.  

Protect Your Website with an SSL – Your entire website should be protected with secure socket layer (SSL). This ensures that all data is transmitted securely over the Internet between any computer and your network server, rendering data theft implausible. IT Consulting Vancouver can help you with implementing SSL on your website and even higher SEO ranking in Google with safe data practices.

Sam Goh

Sam Goh is the President at ActiveCo Technology Management, an IT Support Vancouver company. Sam comes from an operational perspective, his tenure at ActiveCo emphasizes working with customers to closely understand their business plans and to successfully incorporate the technology component to those plans. Under his leadership, ActiveCo has developed expertise which focuses on enriching the extensive customer relationships by integrating strategic and operational focus areas through consulting. When Sam and his wife Candee aren’t running ActiveCo, they enjoy road trips with their 2 children. Faith, family, friends and philanthropy lie at the heart of Sam’s personal beliefs.

Choose an AI solution to transform beyond technology

Kit Cox • 09th December 2024

The first step is knowing exactly what your business wants to achieve with AI; think faster, smarter and more efficient. Once you know what you are working towards, you can start looking for a solution that can help you make it a reality. AI integration can feel like a daunting task at the beginning, so...

A Roadmap to Security and Privacy Compliance

John Lynch Director of Kiteworks • 04th December 2024

Only by understanding the current regulatory environment and implementing robust data protection measures, can organisations enhance their security posture, ensure compliance, and build resilience against the latest cyber threats. This article provides a comprehensive roadmap of how to do it.

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...