Tips for Improving Cyber Security for Small Business

An image of , Cyber Security, Tips for Improving Cyber Security for Small Business

In the wake of the COVID-19 outbreak, we saw a massive uptick in sophisticated phishing email schemes. Google blocked over 18 million coronavirus phishing attempts each day at the beginning of the pandemic crisis. Cybercriminals never lose out on an opportunity even when it comes at the cost of a global crisis and tragedy. In fact, cybercrimes overall saw a massive surge in recent times with 54% of companies experiencing an industrial control system security incident. Moreover, even as five-year spending forecasts (to 2025) in cyber security point to well over $1 trillion in security expenditure – not all companies are spending enough on security to keep their network and data protected. Cyber-crime is expected to breach an estimated 33 billion records in 2023.


Small businesses face grave cyber security risks

The situation is particularly dire for small and medium businesses with recent data indicating that 70% of small businesses unprepared to deal with a cyber-attack and 51% still not allocating any budget to cyber security. No matter how small your operation may seem compared to the massive size of MNCs, fact remains that 43% of cyber-attacks always target small business. As small businesses rarely have enough spend in cyber security and simply are too unequipped to deal with increasingly sophisticated cyber-attack tactics – the data accumulated by small businesses form a highly lucrative target for attackers. Compare this state of affairs with the average cost of a malware attack on a company that is currently around $2.4 million and the situation looks quite dire.

The types of cyber-attacks on small businesses can be classified into the following categories according to the percentage of prevalence of attacks:

  • Web-based attack 49%
  • Phishing / social engineering 43%
  • General malware 35%
  • SQL injection 26%
  • Compromised / stole devices 25%
  • Denial of services 21%
  • Advance malware / zero day attacks 14%
  • Malicious insider 13%
  • Cross-site scripting 11%
  • Ransomware 2%
  • Other 1%

Most small businesses unfortunately persist in the mindset of ‘flying under the radar’ on the virtue of being small. In fact, 69% of small businesses persist in not strictly enforcing password policies. 16% of small businesses also report that they reviewed their cyber security posture only after a major security incident. Managed IT Services Vancouver can be a great resource for small businesses looking to secure their networks against rising cyber security threats.

Tips for Improving Small Business Cyber Security

  • Use layered security for limited access – Layering your security architecture can help keep your most valuable data safe even in the case of a breach. This can involve providing access to sensitive information strictly on a need-to-know basis. You can also use additional levels of protection, such as, additional passwords, encryption etc. Layered security can include the following:
  • Asset inventory – Regular comprehensive review of all your hardware and software to ensure they optimal performance and security. An updated inventory of all sensitive and mission-critical data and periodic check of user accounts to delete inactive accounts help against data and credential theft.
  • Perimeter and network security – Dividing your network into zones with different access and security levels can help contain threats when they do breach your defenses. Review of your SQL code and using web application firewalls can help prevent malicious attacks.
  • Activity auditing – Regular monitoring and review of data and network activity can help pinpoint exact user access and flag any suspicious activity.

  • Use Enterprise-grade firewalls – Enterprise-grade firewalls are different from regular firewalls in that they provide stronger monitoring and more efficient traffic management than basic ones. They act as your first level of defense against malicious traffic inflow and prevent accidental clicks to compromised websites.
  • Have a strong Mobile Device Policy – With remote work and anywhere operations, most employees now use mobile devices for office work. Using work email on mobile devices can pose particular security concerns with access to sensitive data off-premise. You should be highly careful in ensuring strong data encryption, install security apps to monitor usage on these devices and of course, use strong password protection.
  • Hire Outsourced Managed IT Services – If you have read this far and are already overwhelmed by the measures required and/ or estimated budgets needed to shore up your defenses against cyber security threats, you should seriously consider reaching out to a local managed services provider in IT Support Vancouver. They can provide you with much needed guidance on your business risk profile and help you with the latest defensive strategies, tools, and technologies – all at highly predictable, and manageable monthly rates.

  • Centralize hardware management – Please ensure that you have centralized management dashboard of all on-site hardware (including mobile devices) with set baseline configurations. A thorough asset inventory can really help keep track of your equipment, and all network logs should be audited to trace any unauthorized device access.
  • Strengthen your password policy – Apart from enforcing a strong password policy at the workplace, you should ask all users to change their passwords mandatorily at regular intervals. You can also use complex password generator tool for assistance in creating unique, but strong user passwords including a combination of capital and lowercase letters, numbers, and special characters.

  • Adapt and enforce Zero Trust policy – While the concept of zero trust policies are still fairly new, they are highly useful in ensuring enterprise data and network protection. This involves providing users with data and access (to systems, applications and databases) on a strict need-to-know basis. Strict enforcement of zero trust limits the perimeter of damages incurred through breaches, credential theft and user violations (accidental or deliberate).

  • Regular Data Backups – Consider automating your backup processes and at least, create regular backups with mandatory offsite storage. In case of a disaster event or a full network attack, such as a ransomware event, you can ensure business continuity and uninterrupted services with offsite backups.  

Protect Your Website with an SSL – Your entire website should be protected with secure socket layer (SSL). This ensures that all data is transmitted securely over the Internet between any computer and your network server, rendering data theft implausible. IT Consulting Vancouver can help you with implementing SSL on your website and even higher SEO ranking in Google with safe data practices.

An image of , Cyber Security, Tips for Improving Cyber Security for Small Business

Sam Goh

Sam Goh is the President at ActiveCo Technology Management, an IT Support Vancouver company. Sam comes from an operational perspective, his tenure at ActiveCo emphasizes working with customers to closely understand their business plans and to successfully incorporate the technology component to those plans. Under his leadership, ActiveCo has developed expertise which focuses on enriching the extensive customer relationships by integrating strategic and operational focus areas through consulting. When Sam and his wife Candee aren’t running ActiveCo, they enjoy road trips with their 2 children. Faith, family, friends and philanthropy lie at the heart of Sam’s personal beliefs.

AI alignment: teaching tech human language

Daniel Langkilde • 05th February 2024

However, Embodied AI refers to robots, virtual assistants or other intelligent systems that can interact with and learn from a physical environment. In order to do this, they’re built with sensors that can gather data from their surroundings, with this they also have AI systems that help them analyse data they collect, and ultimately learn...

CARMA announces acquisition of mmi Analytics

Jason Weekes • 01st February 2024

CARMA announces acquisition of mmi Analytics, expanding expertise in Beauty, Fashion, and Lifestyle sectors The combined organisation is set to redefine the landscape of media intelligence, providing unparalleled expertise and comprehensive insights for PR professional and marketers in the exciting world of beauty, fashion and lifestyle.

Managing Private Content Exposure Risk in 2024

Tim Freestone • 31st January 2024

Managing the privacy and compliance of sensitive content communications is getting more and more difficult for businesses. Cybercriminals continue to evolve their approaches, making it harder than ever to identify, stop, and mitigate the damages of malicious attacks. But, what are the key issues for IT admins to look out for in 2024?

Revolutionizing Ground Warfare Environment with Software-Enabled Armored Vehicles

Wind River • 31st January 2024

Armoured vehicles which are purpose-built for mission-critical operations are reliant on control systems that provide deterministic behaviour to meet hard real-time requirements, deliver extreme reliability, and meet rigorous security requirements against evolving threats. Wind River® has the partners and the expertise, a proven real-time operating system (RTOS), software lifecycle management techniques, and an extensive track...

The need to prove environmental accountability

Matt Tormollen • 31st January 2024

We are currently in the midst of one of the most consequential energy transitions since records began. The increasing availability of clean electrons has motivated businesses in the UK and beyond to think green. And for good reason. Being environmentally conscious attracts customers, appeases regulators, retains staff, and can even gain handouts from government. The...

Fuelling Innovation in Aftermarket

Jim Monaghan • 31st January 2024

One section of the motor trade is benefitting from the cost-of-living crisis: with consumers keeping their cars for longer, independent repairers are in huge demand. But they are also under pressure. Older cars need more repairs. They require more replacement parts, tyres and fluids. With car owners looking for value and a fast turn-around, independents...

The return of the five-day office week

Virgin Media • 25th January 2024

Virgin Media O2 Business has today published its inaugural Annual Movers Index, revealing four in ten companies are back to the office full time, despite widespread travel delays and disruptions With 2023 cementing the cost-of-living crisis, second hand shopping and public transport use surged as Brits sought to save money Using aggregated and anonymised UK...