7 Easy Cybersecurity Tips for Small Businesses

Cybersecurity isn't just a concern for giant corporations—it's vital for businesses of all sizes. While larger organisations might have vast resources dedicated to thwarting cyber threats, smaller companies often feel left in the lurch.

We recently heard that local Kettering-based business KNP Logistics group, the parent group of the 158-year-old haulage firm Knights of Old, has entered administration as a result of a cyber attack earlier in the summer.

They were subject to a major ransomware attack (a type of cyberattack that we highlighted in our prediction of cyber security in 2023) which targeted critical infrastructure including systems, processes and financial data.

Administrators said: "Despite being one of the UK's largest privately owned logistics group, KNP fell victim of a ransomware attack earlier this year that caused significant disruption." As a result, 730 employees have been made redundant.

It highlights the necessity for businesses, no matter how big or small, to have a heavy focus on their security and defences. It isn't just global corporations that can fall foul of cyber criminals.

Strengthening your defences doesn't necessarily require a hefty budget or a team of IT experts. From basic protective measures to harnessing advanced technologies, this guide outlines seven straightforward strategies that can fortify any business against cyberattacks.

1. Get to Know Cyber Essentials

Amongst the vast number of cybersecurity frameworks, one program has emerged as a constant for UK businesses, especially smaller ones: Cyber Essentials. This initiative, designed to guide companies in establishing fundamental layers of protection against common cyber threats, acts as both a certification and a roadmap. Here's a breakdown of what you need to know:

1. Origins of Cyber Essentials: Launched by the UK government, Cyber Essentials was developed in collaboration with industry partners to create a standardised approach to cybersecurity. It's a testament to the belief that basic cybersecurity practices can prevent a significant portion of cyber threats.
2. Two Levels of Certification:
   • Cyber Essentials: This self-assessment option offers a foundation in cyber best practices. By adhering to its guidelines, businesses can thwart a vast majority of common cyberattacks.
   • Cyber Essentials Plus: A step up from the base level, this involves hands-on testing of the business's systems by independent experts. It ensures that the protective measures implemented are both present and effective.
3. Core Requirements: The program emphasises five essential mitigation strategies:
   • Boundary Firewalls & Internet Gateways: Proper configuration ensures that only necessary network traffic can pass through.
   • Secure Configuration: Systems and devices should be set up securely to avoid potential vulnerabilities.
   • User Access Control: Ensure only the necessary personnel have access to your data and services, minimizing potential entry points for cyber threats.
   • Malware Protection: Implement effective solutions to detect and ward off malicious software.
   • Patch Management: Regularly update and patch all software to shield against known vulnerabilities.
4. Benefits Beyond Security: Achieving a Cyber Essentials certification is not just about fortifying defences. It's a badge of trust, assuring clients and partners that your business takes cybersecurity seriously. Furthermore, it can provide a competitive edge in the market and may even be a requirement for certain contracts, especially if you're planning to work with government agencies.
5. Continuous Evolution: As cyber threats evolve, so does Cyber Essentials. The program undergoes regular reviews to ensure it remains relevant and effective in the ever-changing landscape of cyber risks.

In a nutshell, Cyber Essentials provides businesses, regardless of their size or technical prowess, with a clear path towards more robust cybersecurity. While it doesn't replace the need for more advanced measures in specific industries or larger corporations, it serves as a solid foundation upon which to build a comprehensive cyber defence strategy.

2. Empower Your Employees with Comprehensive Cybersecurity Training

A company's cybersecurity is only as strong as its weakest link, often found in human behaviour. Training employees in foundational security principles is not just a good practice—it's an essential one. Here's how businesses can effectively instil security-conscious behaviours in their teams:

1. Establish Clear Security Practices: Start by laying down ground rules. Every employee, from the intern to the CEO, should understand and abide by basic security policies. This can encompass:
   • Using strong, unique passwords for all accounts, ideally with a combination of uppercase letters, lowercase letters, numbers, and special symbols.
   • Avoiding the use of personal passwords for work-related accounts or tools.
   • Ensuring that sensitive data is only accessed from secure networks, preferably VPN-protected.
2. Craft Internet Use Guidelines:
   • With the Internet being an integral part of most businesses, it's vital to establish guidelines on its appropriate use. This should clarify which websites or services can be accessed and which ones should be avoided.
   • Outline clear consequences for violations, such as accessing unsecured websites, downloading unauthorized software, or sharing sensitive data through non-approved channels.
3. Handling Customer and Vital Data: Customer trust is paramount, and mishandling their data can lead to significant reputational damage. Make sure that employees know:
   • The importance of treating customer information with the utmost respect and confidentiality.
   • The specific protocols for accessing, modifying, or transferring this data.
   • The tools and software approved for data storage and communication.
4. Consequences and Accountability: It's essential not only to have policies in place but also to ensure they are enforceable. Detail the penalties for violating company cybersecurity policies, which can range from mandatory retraining to more stringent measures, depending on the severity of the violation.
5. Continuous Education: The world of cybersecurity is dynamic, with threats evolving constantly. Regular training sessions, workshops, or updates should be a norm, ensuring employees are aware of the latest risks and best practices.

While having top-notch cybersecurity software and tools is important, they can only be effective if employees know how to use them correctly. A well-informed workforce is the first line of defence against potential cyber threats, making their training a top priority for any forward-thinking business.

3. Protect Your Information, Systems and Networks from Attacks

The importance of protecting information, computers, and networks from potential threats cannot be overstated. A robust cybersecurity posture involves not just policies and training, but also maintaining hardware and software that are primed to repel intruders. Here's how to ensure your systems are not just functional, but fortified:

1. Maintain Clean Machines: A clean machine is one that's regularly updated, free from unnecessary or outdated software, and protected from malicious elements. This cleanliness serves as the foundation for your defences.
   • Latest Is Safest: Always ensure that your operating system, web browser, and security software are up-to-date. Developers continuously patch vulnerabilities, and by running the latest versions, you benefit from these enhancements.
   • Fortify with Antivirus: Not only should you have reliable antivirus software, but you should also set it to scan your machine after every update. This ensures that, with each new version, potential threats are identified and handled promptly.
2. Embrace Prompt Updates: While it might seem tempting to hit the "remind me later" button when a software update pops up, delaying can leave you vulnerable.
   • Automatic Updates: Where possible, set your key software to update automatically. This way, even if you miss a notification, your system won't miss an upgrade.
   • Stay Informed: For critical software or tools that don't offer auto-updates, stay informed about their latest versions. Subscribe to their update notifications or occasionally check their official sites for updates.
3. Be Wary of Downloads: Ensure that all downloads—whether they're apps, software, or email attachments—are sourced from trusted platforms or senders. Malware often disguises itself as legitimate software, so always err on the side of caution.
4. Regular Backups: While this is about defence, having a robust backup system ensures that even if an attack does occur, you can restore your data without significant losses. Regularly back up vital information to secure external drives or cloud storage.

Think of your digital systems as a fortress. The strength of its walls—the software and operating systems—matters immensely, but so does the vigilance of its guards, which is you and your practices. Keeping machines clean and updated is a simple yet crucial step towards a safer digital environment.

4. Standardise Your Security Standards

Digital is fraught with threats, from minor malware to colossal cyber breaches. As these risks amplify, there's an emerging consensus in the cybersecurity community that defensive measures shouldn't be optional add-ons but foundational standards for all organisations.

Lisa Ventura, the visionary founder of Cyber Security Unity—a global platform championing cyber defence — emphasises that every institution, irrespective of its scale, should adopt specific security solutions as a baseline. Here's a distillation of her recommendations:

1. Embrace Multi-factor Authentication (MFA): Beyond the conventional username-password setup, MFA requires additional verification—often a dynamic code sent to a mobile device or email. This layered approach substantially reduces the chances of unauthorized access.
2. Commit to Regular Maintenance:
   • Software Patching: Update software consistently. Developers continuously refine software not just for new features but, importantly, to mend security vulnerabilities.
   • Data Backups: Regularly backup critical data. In the event of a cyber incident, you can restore most of your information.
3. Equip with Antivirus Solutions: Ensure all devices are protected with reliable antivirus software to shield against malicious software threats.
4. Prioritise Security Training: All employees should undergo periodic security awareness training. Knowledgeable staff can identify threats early, averting potential breaches.
5. Fine-tune Firewall Configurations: Network firewalls should be meticulously set up to deter unnecessary traffic, permitting only crucial communications to flow in and out.
6. Opt for Endpoint Protection: Every endpoint, from computers to mobile devices, should be fortified with protection solutions, encompassing both antivirus and anti-malware tools.
7. Strengthen Password Protocols: Utilizing password management tools serves a dual purpose: generating robust, unique passwords and providing a secure vault for storing them.

Ventura's advice is clear: making security solutions a standard is not just a best practice—it's a necessity. And with the tools and strategies available today, every organisation, regardless of size, can fortify its digital boundaries.

5. Implement Zero Trust Network Access

With the rise of remote and hybrid work models, we’ve seen a seismic shift in how organisations think about their network security. Traditional methods like Virtual Private Networks (VPNs) are now being re-evaluated in favour of more secure and adaptive approaches, and leading the charge is the Zero Trust Network Access (ZTNA) model.

ZTNA operates on a foundational principle that's markedly different from legacy systems: it doesn't inherently trust any connection request, irrespective of its origin. Instead, it evaluates each request individually, considering various parameters, before granting access. This zero-trust methodology ensures that only verified and approved connections get the green light, significantly mitigating potential threats.

Beyond its superior security benefits, it optimises user experience. Unlike traditional Wide Area Networks (WAN) where data traffic often must navigate through cumbersome corporate firewalls, ZTNA provides direct connectivity. The result? Faster, more direct connections to the required resources without the latency of old systems.

ZTNA, with its rigorous security approach and streamlined user experience, presents a compelling solution for businesses looking to safeguard their digital assets in this new age.

6. Switch to Cloud Backup

Data stands as the lifeblood of business operations and securing it has become paramount. Traditional backup solutions, like physical storage or tape backups, are increasingly proving insufficient to meet the demands and threats of the digital age. They are often resource-intensive and can lead to catastrophic data loss if mismanaged.

Enter Cloud Backup. This avant-garde technology offers a nimble, secure, and economical alternative. Cloud backup ensures that companies have swift and reliable access to their data, even in the dire event of data loss. Notably, it has shown promise in offsetting the alarming statistic that up to 60% of businesses facing significant data loss close down within six months.

Apart from scalable and automated backups, cloud solutions offer reliable data recovery, streamlined operational efficiency, and a reduction in downtime. These solutions present cost benefits with predictable subscription-based models. Businesses now, more than ever, should recognise the inevitability of migrating to cloud backup not only as a proactive measure but also as a strategic one for their continued growth and security.

7. Actions That Cost Nothing

The notion that the most effective defences come with hefty price tags is widespread. However, there's a trove of countermeasures that are not only potent but also remarkably economical – in fact, many don't cost a penny.

Initiating basic yet impactful strategies, such as devising a disaster recovery plan, routinely altering intricate passwords, and assessing potential vulnerabilities with third-party suppliers, can be done without draining resources. These simple measures play an instrumental role in fortifying an organisation's walls of defence.

Many companies often overlook the tools they already possess. A prevalent example is the Microsoft Office 365 suite, a staple in many corporate environments. Unbeknownst to many, this software comes equipped with built-in security features, including multi-factor authentication (MFA) and advanced password management. All that's required is the activation of these features to leverage their protective capacities.

The message is clear: investing time in understanding and implementing cost-effective cyber strategies can pay enormous dividends in thwarting potentially expensive security breaches.