Cybersecurity best practices for small to mid-sized businesses


It’s easy to think that cybersecurity is something for larger organisations, but small and mid-sized businesses should be careful not to fall into the trap of thinking that they are too small to be noticed by hackers. A 2019 ACSC Small Business Cyber Security Survey showed 62 per cent of small businesses reported they had previously been a victim of a cybersecurity incident.

Considering this, small businesses need to ensure that cybersecurity is treated as a high priority in the same way that physical security of the office space is regarded.

To do this, it is key that best practices are defined and regularly updated in a small business cybersecurity plan. Improving security doesn’t necessarily mean huge expenses, but it does require a company’s focus to avoid becoming the next victim of a cyberattack.

What are the best practices for small business security?

Create policy documents

To ensure that cybersecurity policies become part of your business’ culture, they should be thoroughly documented, and supported with schedules and checklists to make sure that the new processes are implemented, and staff are aware of their responsibilities.

A “Bring Your Own Device” (BYOD) policy should also be included, ensuring that all your employees are required to maintain a high level of security on any device that accesses the company’s documents and network – from installing security software to applying patches as soon as they are available.

Review access permissions

A simple but effective measure is to restrict access permissions to shared files and essential applications. This minimises the number of possible routes to sensitive data. Access should only be provided to those who need it for their work, and it should be revoked when no longer required, including as soon as an employee leaves or a contract ends with a freelancer or other third party.

Back up your data

The mantra of “use a strong password” is now as common as “be sure to back up your data”. Backing up is especially important for small businesses that wish to avoid ransomware attacks, where the hacker will steal and encrypt data, threatening to destroy it if a fee is not paid for its return.

This situation can be avoided simply by keeping comprehensive backups so data can be recovered.

Cloud services are a popular option for backups. Not only does the cloud allow documents to be accessible from anywhere, but the security offered by these services is likely to be far more sophisticated.

Staff training

Employees will have varying backgrounds and levels of ability when it comes to technology. To avoid creating security vulnerabilities, all staff members should know how to update their devices, recognise phishing attempts, and know the procedures for flagging concerns.

Install updates

Software can only ever be at its most effective if it is regularly updated to account for new vulnerabilities or types of attack. Ensuring every device – from printers and laptops to smartphones – has the latest patches and updates applied could be a daunting task for a large enterprise but is very achievable in a small or mid-sized business.

Get protection for your workplace

Make sure that you invest in robust, real-time digital security products, such as Avast Small Office Protection, which includes a firewall to provide a barrier between your network and cyberattacks, and anti-malware software to minimise the impact of phishing attacks, so you can focus on running your business with confidence and peace of mind.

Katherine Little, Business Security Expert, Avast