Cyber Security Guide for Small Businesses

While computers and the Internet provide many benefits to small businesses, these technologies are not without risks.

Some risks, such as physical theft of equipment and natural disasters, can be reduced or controlled with caution and common sense. The risks resulting from cybercrime, such as theft of information that is then sold on the black market, are more difficult to control.

More than 70% of security breaches are aimed at small and medium-sized companies. Despite this, many entrepreneurs believe they are not vulnerable to cyber-attacks because of their small size and limited assets.

Consequences of data theft

Like almost all small businesses, you surely also handle account information and personal data that are of interest to criminals. Remember that you will suffer the consequences of data theft if, for example, cyber criminals steal information about your customers and use it to commit fraud. Some data is protected by laws and regulations, such as the General Data Protection Regulation (GDPR) in the European Union, or the Health Insurance Portability and Accountability Act (HIPAA, for medical data) and the Payment Card Industry Data Security Standard (PCI, for credit card data) in the United States. There are also regulations that require companies to report a security breach that may expose personal data, even if it is only the loss of a laptop with client information or a memory device with medical records. This shows that, whatever the size of your company, you must take a systematic approach to protecting data. As you protect corporate digital assets, you must also document the approach you implement. This will help in training your employees on their cyber-security responsibilities.

Steps to follow

The following steps will help you to protect your company from cyber attacks.

  • Analyse your assets, risks and resources
  • Create your own policies
  • Choose your controls
  • Implement controls
  • Train your collaborators, executives and providers
  • Evaluate, audit and test

Getting the basics right

Taking some simple actions and practising safe behaviours will reduce the risk of online threats to your business.

  1. Download software updates

    Wherever your website and emails are stored, you should keep all of your software up to date. Appoint a member of your team to regularly monitor available versions and update as necessary.

    Use strong passwords

    Use strong passwords made up of at least three random words. Using lower and upper-case letters, numbers and symbols will make your passwords even stronger.

  2. Secure email

    In the last half of 2018, multiple malicious emails designed to mislead the user appeared. In these cases, the email contains specific information that confuses the person receiving it. One fraud that went viral was an email that used the user's password as the subject line, along with a direct threat such as “you are my victim” or “I will send your private information to all your contacts”. This method is estimated to have raised nearly half a million dollars. Little by little, this type of fraud is reaching the business world. For this reason, having a security procedure or set of rules is an effective prevention practice. Never download anything from an email of unknown origin, and do not open promotions or offers received in the corporate email account. Having an anti-phishing tool and not using a single password for the company's entire digital system are also good cyber-security practices for SMEs.

  3. Use anti-virus software

    Your computers, tablets and smartphones can easily become infected by small pieces of software known as viruses or malware. Install internet security software, such as anti-virus, on all your devices to help prevent infection.

  4. Back up your data regularly

    Even if you take every security measure, an attacker may still succeed and compromise your business website or emails. Depending on the type of attack and the damage it causes, it could even be difficult for your organisation to regain control of its digital assets. Regardless of the types of cyber-attacks and the cyber-security strategies implemented, the best practice is to back up your data regularly. If you do not have any method of prevention against data loss, your company can experience considerable damage to its services and reputation.

    Relying on external hard drives to store your company's business information is not a very good idea, since they are usually subject to human or personnel problems. The best option is a backup service on a web server, with backups carried out periodically.

  5. Train your staff

    Large organisations have the benefit of dedicated and specialised cyber-security personnel. Small businesses don't have these kinds of resources, but educating yourself and your employees about security protocols will go a long way in protecting your business. Phishing and ransomware are not only popular topics in the news, but also a genuine threat to small businesses.