cybersecurity

10 Tips for Enhancing Your Small Business Cybersecurity

Ezra Cabrera | March 29, 2024

Contents

    In 2017, a cyber attack was released on 230,000 computers worldwide. WannaCry ransomware locked up personal files on computers running Microsoft operating systems. The software demanded $300 in Bitcoin from each user or it would delete their data. While it was shut down quickly, many of the encrypted files were lost forever, costing millions of dollars.

    Or perhaps you remember 2007 when Estonia was beset by attacks that shut down their government and central bank. Those with a smattering of gray in their hair might even remember 1999, the year the Melissa Virus was released. Or, the time a 15-year-old hacked NASA, causing a 21-day shutdown. 

    Because that’s how we think of cybercriminals and cyberattacks, right? Young hackers with spiky blond hair who go by names like SubZero attacking multinational corporations or bringing down Wall Street. But the truth is, cybercriminals are 3x more likely to target small businesses like you. 

    And it makes sense; small companies are likely less prepared technologically and systematically, and their employees have greater access to information, and of course, cutting costs is always a priority when businesses are starting to grow.

    Image Sourced from AdvisorSmith
    Image Sourced from AdvisorSmith

    What Are Cyberattacks?

    Cyberattacks are malicious activities carried out in the digital world by individuals, groups, or even nation-states to compromise information on their victim's computers. The motives might be financial, political, meant to cause disruption, or to spread propaganda. Or, if my knowledge of 90s films hasn’t led me astray, to win the love of feisty, equally spikey-haired girls. But I may be wrong about that last one. 

    10 Tips to Enhance Your Small Business's Cyber Security

    1. Use Secure Website Hosting Platforms

    Perhaps the simplest form of attack is when cybercriminals overload your system or network by bombarding it with traffic. 

    In normal circumstances, when a customer wants to connect to a website, their browser sends a request to your site to get the information. This isn’t a problem when you have 100 people browsing your site. But what happens when cybercriminals send 1,000 or 1,000,000 requests a second?

    Gridlock. 

    In severe cases, no one can access your site; however, even a slow site is enough to put off customers and send them running to your competitors, affecting your bottom line. 

    While there is little you can do to stop cybercriminals from attacking your website this way, there are things you can do to mitigate them, such as using firewalls on your server to limit access. However, the simplest way to deal with such attacks is to use a reliable web host such as Only Domains. Use multiple secure servers to host your website and ensure your site is always fast and accessible.  

    2. Educate Your Employees

    Many of the common ways of attacking your computer systems are not by finding weaknesses in your computer network. Rather, it’s by doing what con artists have done since immemorial – tricking people into trusting them. 

    The technique known as phishing involves contacting people directly while posing as a trustworthy person or entity, often through emails. According to research by IBM, 41% of all cyber attacks were committed through phishing, and another 26% resulted from compromised customer-facing applications.

    Training your employees to spot phishing messages and suspicious activity when they crop up is vital. Teach them key questions to look out for, and set clear rules for what information can be passed on. Not only will this help cybersecurity, but investing in employees is one of the best ways to improve your organization’s operational efficiency

    Finally, ensure that you only hire professionals who know how to ensure you stay safe in the first place. In-house training is a great tool, but using ATS recruitment software to filter and find applicants with suitable IT skills can be one of the easiest ways to protect you from cyberattacks.

    3. Use Professional Antivirus Software

    Another pervasive way for cybercriminals to target you is through malicious software, known as malware, that can infiltrate your system to gain access to your data. These include viruses, worms, ransomware, spyware, and trojans. 

    Given how much of our data is stored online, especially with the rise of homeworking since the pandemic, it’s surprising how many small businesses rely on the scant protection provided by Windows Defender. Professional anti-virus software such as Norton, Avast, or AVG offers small business packages, giving you up-to-date protection across all of your devices.

    Of course, it can seem like a major expense to spend money on anti-virus software, especially when free versions are available. However, it’s worth looking into options. Just last year the SBA announced a $3,000,000 grant to bolster cyber-security.

    4. Check Your Privilege

    Another thing that can limit the danger of phishing attacks is to limit employee access to data. Not everyone needs to know everything about your network security. Implementing privilege levels is a good way to ensure that only those trained have the information cybercriminals need.

    5. Geofence Your Websites

    Another tactic to limit the effects of cyber attacks is to ensure that your websites are local and isolated from each other. For example, you could use your Only Domains .NZ site to host your New Zealand website. Should cybercriminals attack that site, at least your U.S. customers will be unaffected and still able to buy from you. 

    6. Use Secure Messaging Platforms

    Cybercriminals intercept, relay, and potentially edit messages between two parties. These are known as Man-in-the-Middle (MitM) attacks. Emails are especially vulnerable to cybercriminals' leverage, thanks to how the message is passed. This is particularly true of older email systems that rely on POP (Post Office Protocol) and IMAP. 

    The best protection against this sort of attack is to use end-to-end encryption. This ensures that any messages are unreadable to criminals who might intercept them.

    For smaller messages, apps like WhatsApp or iMessage always use end-to-end encryption. They are a reliable free choice for sending private messages. However, if your business sends particularly sensitive information, consider options like Confide. 

    Confide sends end-to-end encrypted messages that self-destruct Mission Impossible style once they’ve been read.

    7. Use Secure Remote Access Software

    Just as messages can be intercepted, so can passwords and login details when employees work remotely. To avoid MitM attacks when your employees log on remotely, make sure they are securing their remote devices using remote device access software. This will keep everything they send hidden, even if they log in via the local coffee shop WiFi.

    8. Ensure Employees Use Unique Passwords

    The first thing to ensure is that your employees use a secure, unique password to log on to your network. Training can go a long way here, but consider getting employees to use a password manager like NordPass. This won’t help if your site is cloned directly. Still, it will certainly help stop your employees from accidentally giving away login information to another cloned site.

    9. Be at the Top of Search Results

    One frighteningly simple technique for cybercriminals to use nowadays is to clone your entire website. With a click of a button, it’s possible to create an exact replica of your website (so similar, even its mum wouldn’t notice the difference). 

    The best way to avoid this is to ensure that your site is the first that crops up when they search. Nobody enters website addresses directly nowadays; they just type the name into Google and click. A sophisticated SEO strategy can ensure that you are number one on the list, reducing the chances of customers or employees clicking on a fake version of your site. 

    Using the relevant local website can also make a massive difference in where you appear in the search rankings. Using an Only Domains .ae website for customers in the Arab Emirates and a .co.uk domain for your British customers will go a long way in ensuring you avoid scams while driving revenue at the same time.

    10. Secure Your Phones

    With so much business being conducted via email and messages, it can be easy to forget all the information we transfer while we’re chatting away. Yet, with the rise of remote working, more meetings than ever are being conducted remotely. This is often where the most secure and private information gets shared most freely, including contact information and credentials.

    In 2020, 530,000 Zoom user credentials were up for sale on the dark web.

    Image sourced from NordVPN.com
    Image sourced from NordVPN.com

    Yet in this digital age, even our phones use the internet. Companies look to Voice over Internet Protocol calls to ensure that their employees can keep the same phone number wherever they are. But not all internet calls are built equal. Using accredited systems with real-time fraud detection (such as VoIP phone services from Vonage), can help keep your private meetings private.

    The Bottom Line

    With the overgrowing dependence on the digital world, cyberattacks can devastate your business. From choking your revenue by shutting down your website to holding your data hostage with ransomware, there are more ways than ever that cybercriminals can target you. However, the power to protect yourself is in your hands; it is more important than ever to ensure that you stay protected from cyberattacks by enhancing your cybersecurity.

    About the Author

    Ezra Neiel Cabrera has a bachelor’s degree in Business Administration with a major in Entrepreneurial Marketing. Over the last 3 years, she has been writing business-centric articles to help small business owners grow and expand. Ezra mainly writes for SMB Compass, but you can find some of her work in All Business, Small Biz Daily, LaunchHouse, Marketing2Business, and Clutch, among others. When she’s not writing, you’ll find her in bed eating cookies and binge-watching Netflix.