Cyber Security for Small Businesses | 15 Tips (2021 UK Guide)
Cyber Security for Small Businesses – Running a small business means you are constantly making decisions on where your budget should be prioritised. The reality for a lot of small businesses is that, if you have not been the victim of a security breach, cyber security is not a priority. The problem is that the costs of being hacked could irreversibly damage your business, so waiting until you are a victim is not a sensible business decision. Here are some cyber security tips.
1. How to SPOT hackers
A common attack by hackers is called a phishing attack, where they throw out their hook (send their email) and hope something takes a bite (someone replies to their email).
These emails often pretend to be from:
- a business you’re working with
- a courier/delivery service with your package
- an online store with a promotion – maybe even one you recently visited
The list goes on and hackers are very creative. Here are a few do’s and don’ts:
❌ DO NOT share your bank details with callers claiming to be a business
✅ Call the business back from the number on their website yourself to verify!
❌ DO NOT click on links that you receive from emails or text messages
✅ Unless you know exactly what it is about and requested it!
❌ DO NOT click on random email adverts, especially when the email address is not the official store’s
✅ Just don’t do it. Delete and report them as spam
❌ DO NOT download apps that are not from official websites
✅ Check the number of reviews and genuine comments on the AppStore/Google.
❌ DO NOT open any attachments in emails from unknown senders
👀 Look, look, look at the email address! Then verify it. Check the business website for their email. Or check with the individual by texting/calling them. They might not know they’ve been hacked.
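The "look at the email address, then verify it" step can be partly automated. The following is an added example, not part of the original guide: it compares the sender of a message against the domain published on the business's own website. The domain `parcels.example`, the function names and the sample headers are all constructed for illustration.

```python
from email.utils import parseaddr

# Constructed placeholder: the domain(s) published on the business's own website.
OFFICIAL_DOMAINS = {"parcels.example"}

def domain_of(address):
    """Lower-cased domain part of a bare address, or '' if there is none."""
    if "@" not in address:
        return ""
    return address.rsplit("@", 1)[1].strip(" .\"'<>").lower()

def is_official(domain):
    """True for an official domain or a real subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)

def check_sender(from_header, reply_to=None):
    """Return the reasons to distrust a message; an empty list means none found."""
    reasons = []
    display_name, address = parseaddr(from_header)
    domain = domain_of(address)
    if not domain:
        reasons.append("no usable sender address")
    elif not is_official(domain):
        reasons.append("sender domain is not official: " + domain)
    # A display name that shows one address while the mail comes from another.
    if "@" in display_name and domain_of(display_name) != domain:
        reasons.append("display name shows a different address")
    # Replies would be delivered somewhere the business does not control.
    if reply_to and not is_official(domain_of(parseaddr(reply_to)[1])):
        reasons.append("Reply-To points outside the official domain")
    return reasons

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    ("Parcels <tracking@parcels.example>", None),
    ("Parcels <news@mail.parcels.example>", None),
    ("Parcels <tracking@parcels.example.delivery-update.test>", None),
    ('"support@parcels.example" <billing@parcels-example.test>', None),
    ("Parcels <tracking@parcels.example>", "help@freemail.test"),
]

if __name__ == "__main__":
    for from_header, reply_to in SAMPLES:
        print(from_header, "->", check_sender(from_header, reply_to) or "nothing suspicious found")
```

An empty result only means these checks found nothing; a hacked genuine account passes them, which is why the guide also says to confirm by phone or text.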
2. Protect your passwords
Passwords are a necessary evil. You need them to log in to your online accounts, but they are also a point of vulnerability. Avoid obvious, sequential or common passwords like “password”, “123456”, “qwerty” and so on.
Instead use something long and complex with uppercase letters, lowercase letters, numbers and special characters.
If you need help coming up with a strong password, you can use a free password manager like Avira (available here).
3. Anti-virus software
A good, free antivirus program is Avast. You can download it from their website, www.avast.com.
You might be thinking…
Windows has a built-in antivirus called Windows Defender… and that’s right. But it’s still a good idea to install an antivirus. Especially for Windows…
There’s a myth that Macs don’t get infected by viruses. It’s not true. Windows is a far more common operating system than Mac, and more often used in businesses, so attackers base their malware on Windows in the hope that they will have more victims. But Macs are still vulnerable to Mac-based viruses, and the amount of active Mac malware is rising.
If new employees are starting at your company, then ensure you run fresh antivirus software on their computers to protect the rest of your network.
4. Stay on TOP of updates
The newer the software update, the lower the likelihood of it being exploited by hackers. Keeping up with updates on a regular basis is good practice no matter how small your business is.
Updates will be available for your:
- computer – regardless of whether you use Windows, Mac or Linux (just ensure you’re using a supported version)
- applications – on your phone and on your computer
- internet browsers – Chrome, Firefox, Edge etc.
- browser extensions – like Adblock (which blocks adverts and is free) or PopUp blocker (which blocks websites forcefully taking you to new different websites without you giving permission)
5. Add browser extensions and let them do the hard work
Both of these extensions are free on Chrome. Simply Google “chrome web store” and click “extensions”. Then search for “Adblock” and “Pop Up Blocker” and add them.
Adblock will block adverts from appearing on the websites you visit. This is useful because many hackers will hide their traps in adverts on websites. Some websites (like newspaper websites) will require you to disable Adblock because they generate income by showing adverts. For them, no one seeing the adverts means they won’t be getting paid.
Nevertheless, it’s better to keep Adblock enabled continuously and disable it only for the odd website that you need to access. Since you probably need to read the gossip…
PopUp blocker will block websites from forcefully taking you to new or different websites, without you granting permission. Again, some websites do this as a means of promoting adverts. The trouble is that redirects to a completely new website could expose you to more serious forms of hacking.
6. Use two-factor authentication on all business accounts if possible
Two-factor or multi-factor authentication adds an extra layer of security to your accounts by requiring you to prove who you are with something that only you (or someone else with physical access to your phone) have. This usually takes the form of a code sent to your phone, either as a text message or via an app like Google Authenticator. The idea is that even if someone knows the password to your account, they can’t use it without also having access to your phone. It’s worth setting up wherever possible.
7. Encourage employees not to spend too much time on social networks
It’s all too easy for employees, especially those who have access to your internet network or websites, to start spending too much of their time on Facebook, Twitter or other social sites and to neglect to log off before leaving the office. Encouraging them to cut down and to log off is a simple but effective way to make sure your company credentials and assets are not vulnerable to being used by an outsider.
8. Consider using cloud computing
Using the cloud can provide several benefits. There is a myth that when you use cloud services, your security is at risk. It’s not. There is less “ownership”, since your data is not being stored on physical computers in your office (which you would have to pay people to keep secure). Instead, your data is stored on servers (computers) owned by Microsoft, Amazon, Google or whichever cloud provider you choose. And those providers are very good at keeping their servers secure.
If you are not sure how to use the cloud and keep your data safe, think about outsourcing IT services. This will give you peace of mind that someone else is taking responsibility for keeping your data secure.
If you want to move to the cloud but your options are too expensive, you can consider our latest cloud migration software designed for small businesses – learn more about it here.
9. Encrypt sensitive information
If you’re not using a cloud service and want to be certain that no one can look at customer or employee data, you should consider encrypting it. While this does not necessarily prevent someone from hacking your system, it makes it harder for them to get hold of readable information: they can’t see what’s inside unless it is decrypted. As a general rule of thumb, don’t store personally identifiable information (PII: names, addresses, dates of birth) or financial information in any document, spreadsheet etc. unless it’s encrypted.
Here’s how to encrypt files
On Windows:
- Right-click (or press and hold) a file or folder and select Properties.
- Select the Advanced button and select the Encrypt contents to secure data check box.
- Select OK to close the Advanced Attributes window, select Apply, and then select OK.
On Mac:
- Go to Disk Utility (you can search for it using the magnifying glass)
- Click “File”, “New Image”, “Image from Folder”
- Choose the folder you want to encrypt
- Select Encryption, “128-bit”, and write a password
10. Lock your computer screen
Set your company computers to lock after 10 minutes of inactivity. This can be done by changing the screen saver settings and requiring the password to be re-entered.
It’s even better to get into the habit of manually screen locking your laptop, and to encourage employees to do the same. To screen lock your computer:
- on Windows press the Windows key + “L”
- on Mac press Control + Command + Q
11. Take extra care when using Wi-Fi that is not yours
Never conduct financial transactions or share any personally identifiable details you don’t want others to know over an unsecured network, especially public Wi-Fi networks in hotels and cafes, with a lot of people around – most hackers carry out their work on open networks like these. Remember to turn off your Bluetooth unless you are using it.
12. Ensure your own Wi-Fi is secure
It’s a good idea to run parental controls on devices that connect to your internet. Ensure that the firewall is switched on for each device. This will stop others from accessing your network without permission.
Metageek have a step by step tutorial on how to make your WiFi more secure – you can see it here.
13. Have multiple backups of everything
If you use Dropbox, Google Drive, OneDrive etc then that’s great. But it’s still a wise idea to keep a copy of your data on a physical hard drive. It’s the old saying: don’t keep all of your eggs in one basket. Or in this case… all of your data. Besides, you’ll save yourself a huge panic if something goes wrong with one of your copies. You can encrypt them using a service like TrueCrypt. This will make it much more difficult for anyone on your network to access your data if they should try to. If you use Windows Server, you’ll also be able to take advantage of Windows Server Backup.
14. Use encrypted email wherever possible
Encrypted email is now available for both Outlook and Gmail, and it’s a good idea to make use of this where appropriate. As well as increasing security against hackers, it also ensures that company data is secure in case you ever lose your device. Note that this type of encryption is not compatible with iOS, but you can still forward encrypted emails with your iPhone or iPad.
15. Encrypt your portable devices
External hard-drives, USBs and any other storage device you connect to your computer should be encrypted. If someone steals your device, they won’t be able to see what’s inside without knowing your encryption password.
You can Google “How to encrypt (whatever your device is called)”.
Encryption software is also easily available. All you need to do with the latest versions is tick a box in the settings menu for it to be activated.
TechRadar have made a list of the top encryption software; you can see them here.
With all that said, we are available to provide professional UK-based cyber security for small businesses.
You can reach us at our contact page here.