With the rate and intensity of cyber threats increasing all the time, small businesses need to make sure they are adhering to this basic principle for cyber security.
Small businesses are frequently the target of cyber-attacks, because they are most attractive to hackers and criminals. This is mainly down to the fact that, as smaller organisations, they are likely to have fewer resources at their disposal. Many small businesses don’t even view themselves as a target, and thus have very lax security. However, the truth is that even small businesses need to follow some basic cybersecurity principles.
Common Threats for Small Businesses
We discussed this topic with TechQuarters, a London-based IT partner that has been in business for more than 12 years, and the IT Support Services London-based organisations have received from them over that time has become increasingly focused on cybersecurity, as it has become an increasingly pressing issue. We asked TechQuarters about some of the most common cyber threats small businesses face – they mentioned the following:
- Malware – This type of threat is essentially any form of software that is designed for malicious purposes. Some examples of malware include viruses, spyware (which records your internet activity), keyloggers (which record users keystrokes, allowing them to steal login credentials), and trojans (which are seemingly legitimate programs that may open up backdoors to your system).
- Ransomware – This form of attack uses both malware – typically a trojan malware, that grants criminals access to a device or account – and social engineering to hold data ransom. Once the cybercriminal has access to your data, device, or system, they can lock you out and make you pay a ransom to release the account or device.
- Phishing – According to TechQuarters, provider of Managed IT Services London businesses trust, phishing attacks are the most common form of cyber-attack, due to the ease with which they can be executed. A phishing attack simply uses spoofed websites, ads, and social engineering in an attempt to steal user’s information.
Best Practice Security Principles for Small Business
- Upgrade/Update Technology
A significant factor how vulnerable a small business is to cyber threats is whether the technology they use is using the most up-to-date security solutions and protocols – in fact, outdated hardware and software are some of the biggest culprits when it comes to vulnerabilities. Small businesses must make sure to keep their technology up-to-date – TechQuarters mentioned that the IT support Croydon and London-based organisations get from them often involves update and patch management as a staple component of the service, because of how important it is.
- Implement Single Sign-On
Another way in which organisations can be vulnerable to threats is through user accounts. The more accounts that hold company information – and, by extension, the more logins associated with the business – the more entry points there are for hackers and criminals to access company data. Implementing Single Sign-on (SSO) means that users will have one set of credentials for all their business accounts, thus reducing the number of opportunities for credentials to be compromised.
- Emphasize Strong Password Usage
In tandem with the previous point, the next more important security principles (although, it may be one of the most important of all) is ensuring that all members of the organisation are using strong passwords. Single sign-on can be much more secure – but only if everyone is using strong passwords. This means no more short, easy-to-remember passwords that can be cracked by a computer in seconds.
- Use Multi-Factor Authentication
As well as using strong passwords, businesses should also be using multi-factor authentication. This is a principle of identity verification that uses more than one method to confirm the identity of a user. Passwords are one method of authentication. Multi-factor authentication usually adds the step of entering a one-time code that is send to an authorised phone number, email address, or application. This extra layer of authentication means that it is much harder for hackers to access the account remotely.
- Antivirus / Security Software
With threats like phishing attacks coming in via email, and the potential for malware to infect devices, it is very important for businesses to invest in security software, such as antimalware. This type of software is installed on devices (such as smartphones, tablets, and laptops and computers), and will be able to scan both the device hardware, and the software on the device. If some form of malware is detected on the device, security software will be able to isolate and eliminate it. It will also be able to block suspicious emails and messages in different apps.