In today's digital age, even small businesses are at risk of being targeted by cyber criminals. In this guide, we will provide an overview of the key cybersecurity risks that small businesses and start-ups should be aware of, as well as practical tips and best practices for protecting your business against these threats. By taking the necessary steps to secure your company's information, you can reduce the risk of a potential cyber attack and ensure the continued success of your business.
Who is going to cyber-attack my business? My business is small, non-tech.
Well, the truth is, it doesn't really matter how big your business is or how far it is from the internet. There is always someone who will not hesitate to take the last euro from you or find other reasons to challenge your security posture. However, the history of cyber attacks shows that small businesses are rarely targeted for their money and data. There are mainly two reasons why cybercriminals attack small and even non-internet companies.
The first reason is their customers. This is called a supply chain attack. The intention in this case is to reach someone vigilant by exploiting the trust between them and their partner or supplier.
Imagine you are designing brochures for, say, a bank. That means the bank's personnel already know you and would trust you more than a complete stranger. So people in the bank's marketing department would probably be less careful about opening files and e-mails from you. What would happen if someone else sent these e-mails from your original address?
Suppose you are the baker, delivering your products to the local office building from time to time. This means that you, or someone pretending to work for you, would get less attention from the security guard.
Let’s say you are an accountant who logs in to a client's internal website to read some financial updates. What would happen if someone else used your credentials to log in to that website and caused a data leak or gained further access to the client's systems?
Attacks on suppliers to reach bigger targets are not rare, but there is another layer to the problem. Your assets that are connected to the internet, such as a website or accounts on social networks, but even a smart TV or that cheap security camera you put in the corner, are very useful to people who do not want to be caught attacking someone else. You probably do not want assets that belong to you to be used for hiding traces of a crime or for attacking other businesses. Yet this is the second most common reason why small businesses suffer from cybercrime.
Answer the following questions:
- Do you have any business asset that connects to the internet at your business location or is directly known to be owned by your business?
- Do you have a publicly known business e-mail address?
- Are you known to collaborate with large companies?
- Do you have a website and/or a well-developed social networking account?
- Are you known to be trusted with secrets and highly sensitive information, for example as an accountant, a financial adviser, an architect or a private doctor?
Each yes to any of these questions increases the chances of you becoming a victim of cybercrime. And once you have at least two “yes” answers, you should seriously consider taking some precautions.
So what should you do to mitigate this risk? Observe cyber-security and cyber-social hygiene.
- Keep software and operating systems up-to-date with the latest security patches and updates. This also applies to assets you use, such as printers, cameras, mobile apps, smart devices.
- Use strong, unique passwords for all accounts, and try to change those passwords regularly. Consider using well-known, preferably offline password managers.
- Regularly copy important data and store it offline or seek professional help regarding backup processes. It will protect your entire business not only from security threats but also from equipment failures.
- Seek professional help if you have to deal with implementing firewalls, networks or websites and this is outside your competence.
- Train employees to recognise and avoid common cyber security threats, such as phishing attacks, malware and social engineering calls. Train yourself as well.
You should also take care of your online representation. This is called cyber social hygiene.
- Keep personal information (such as date of birth, address or phone number) as private as possible and do not share it with strangers online.
- Use strong, unique passwords (I know, but it's really important) for all online accounts and enable multi-factor authentication where possible.
- Be careful about posting information about your clients, work you have done or details about projects, especially if you don't have many clients.
- Don't post information in social media account descriptions, messages and forms unless you are absolutely sure it is necessary and secure. Think about everything you don't want complete strangers to know about you.
- Be careful with business and personal celebrations. Dates, numbers and locations are probably not something everyone needs to know.
- Be mindful of the information you post online, and consider the possible consequences of sharing it.
These seem like hard rules to follow, but in practice, behind these recommendations are the same practices you probably already follow when running a business in the non-digital world.
Stay vigilant.