Tips for Improving Cyber Security for Small Business

1st April 2021

In the wake of the COVID-19 outbreak, we saw a massive uptick in sophisticated phishing email schemes. Google blocked over 18 million coronavirus phishing attempts each day at the beginning of the pandemic crisis. Cybercriminals never lose out on an opportunity even when it comes at the cost of a global crisis and tragedy. In fact, cybercrimes overall saw a massive surge in recent times with 54% of companies experiencing an industrial control system security incident. Moreover, even as five-year spending forecasts (to 2025) in cyber security point to well over $1 trillion in security expenditure – not all companies are spending enough on security to keep their network and data protected. Cyber-crime is expected to breach an estimated 33 billion records in 2023.

Advertisement

Small businesses face grave cyber security risks

The situation is particularly dire for small and medium businesses with recent data indicating that 70% of small businesses unprepared to deal with a cyber-attack and 51% still not allocating any budget to cyber security. No matter how small your operation may seem compared to the massive size of MNCs, fact remains that 43% of cyber-attacks always target small business. As small businesses rarely have enough spend in cyber security and simply are too unequipped to deal with increasingly sophisticated cyber-attack tactics – the data accumulated by small businesses form a highly lucrative target for attackers. Compare this state of affairs with the average cost of a malware attack on a company that is currently around $2.4 million and the situation looks quite dire.

Could empowering the frontline with data help businesses to stay resilient?
Trending
Could empowering the frontline with data help businesses to stay resilient?

The types of cyber-attacks on small businesses can be classified into the following categories according to the percentage of prevalence of attacks:

  • Web-based attack 49%
  • Phishing / social engineering 43%
  • General malware 35%
  • SQL injection 26%
  • Compromised / stole devices 25%
  • Denial of services 21%
  • Advance malware / zero day attacks 14%
  • Malicious insider 13%
  • Cross-site scripting 11%
  • Ransomware 2%
  • Other 1%

Most small businesses unfortunately persist in the mindset of ‘flying under the radar’ on the virtue of being small. In fact, 69% of small businesses persist in not strictly enforcing password policies. 16% of small businesses also report that they reviewed their cyber security posture only after a major security incident. Managed IT Services Vancouver can be a great resource for small businesses looking to secure their networks against rising cyber security threats.

Tips for Improving Small Business Cyber Security

  • Use layered security for limited access – Layering your security architecture can help keep your most valuable data safe even in the case of a breach. This can involve providing access to sensitive information strictly on a need-to-know basis. You can also use additional levels of protection, such as, additional passwords, encryption etc. Layered security can include the following:
  • Asset inventory – Regular comprehensive review of all your hardware and software to ensure they optimal performance and security. An updated inventory of all sensitive and mission-critical data and periodic check of user accounts to delete inactive accounts help against data and credential theft.
  • Perimeter and network security – Dividing your network into zones with different access and security levels can help contain threats when they do breach your defenses. Review of your SQL code and using web application firewalls can help prevent malicious attacks.
  • Activity auditing – Regular monitoring and review of data and network activity can help pinpoint exact user access and flag any suspicious activity.

  • Use Enterprise-grade firewalls – Enterprise-grade firewalls are different from regular firewalls in that they provide stronger monitoring and more efficient traffic management than basic ones. They act as your first level of defense against malicious traffic inflow and prevent accidental clicks to compromised websites.
  • Have a strong Mobile Device Policy – With remote work and anywhere operations, most employees now use mobile devices for office work. Using work email on mobile devices can pose particular security concerns with access to sensitive data off-premise. You should be highly careful in ensuring strong data encryption, install security apps to monitor usage on these devices and of course, use strong password protection.
  • Hire Outsourced Managed IT Services – If you have read this far and are already overwhelmed by the measures required and/ or estimated budgets needed to shore up your defenses against cyber security threats, you should seriously consider reaching out to a local managed services provider in IT Support Vancouver. They can provide you with much needed guidance on your business risk profile and help you with the latest defensive strategies, tools, and technologies – all at highly predictable, and manageable monthly rates.

  • Centralize hardware management – Please ensure that you have centralized management dashboard of all on-site hardware (including mobile devices) with set baseline configurations. A thorough asset inventory can really help keep track of your equipment, and all network logs should be audited to trace any unauthorized device access.
  • Strengthen your password policy – Apart from enforcing a strong password policy at the workplace, you should ask all users to change their passwords mandatorily at regular intervals. You can also use complex password generator tool for assistance in creating unique, but strong user passwords including a combination of capital and lowercase letters, numbers, and special characters.

  • Adapt and enforce Zero Trust policy – While the concept of zero trust policies are still fairly new, they are highly useful in ensuring enterprise data and network protection. This involves providing users with data and access (to systems, applications and databases) on a strict need-to-know basis. Strict enforcement of zero trust limits the perimeter of damages incurred through breaches, credential theft and user violations (accidental or deliberate).

  • Regular Data Backups – Consider automating your backup processes and at least, create regular backups with mandatory offsite storage. In case of a disaster event or a full network attack, such as a ransomware event, you can ensure business continuity and uninterrupted services with offsite backups.  

Protect Your Website with an SSL – Your entire website should be protected with secure socket layer (SSL). This ensures that all data is transmitted securely over the Internet between any computer and your network server, rendering data theft implausible. IT Consulting Vancouver can help you with implementing SSL on your website and even higher SEO ranking in Google with safe data practices.

Sam Goh

Sam Goh is the President at ActiveCo Technology Management, an IT Support Vancouver company. Sam comes from an operational perspective, his tenure at ActiveCo emphasizes working with customers to closely understand their business plans and to successfully incorporate the technology component to those plans. Under his leadership, ActiveCo has developed expertise which focuses on enriching the extensive customer relationships by integrating strategic and operational focus areas through consulting. When Sam and his wife Candee aren’t running ActiveCo, they enjoy road trips with their 2 children. Faith, family, friends and philanthropy lie at the heart of Sam’s personal beliefs.

We think you'll like:

Unlocking productivity and efficiency gains with data management

Russ Kennedy • 04th July 2023

Enterprise data has been closely linked with hardware for numerous years, but an exciting transformation is underway as the era of the hardware businesses is gone. With advanced data services available through the cloud, organisations can forego investing in hardware and abandon infrastructure management in favour of data management.