Top 5 FREE cybersecurity hacks for small businesses

No business is immune from cyber attacks these days, and most businesses know it. According to the most recent Allianz Risk Barometer, ransomware attacks, data breaches and widespread IT outages are now a bigger concern for companies globally than supply chain disruption and COVID-19.

For small businesses, the risks are perhaps heightened – and the consequences of attack potentially more catastrophic – when technology is necessary for critical business functions, but teams aren’t big enough to have dedicated IT security personnel.

According to Accenture, 43% of all cyberattacks are aimed at small businesses. Yet only 14% are adequately prepared to defend themselves. And they are even less prepared for recovering after an attack, with 83% of small and medium businesses saying they don’t have adequate funds.

There are, however, lots of steps small businesses can take to defend themselves against the possibility of cyberattack.

These are the best five cybersecurity measures small businesses can implement quickly and easily themselves, for free…

• Phishing training

Phishing attacks remain one of the biggest threats to small businesses. This type of attack preys on human error – or a lack of knowledge about such attacks – to deliver malware, gain access to business systems and steal critical data. Phishing attacks typically arrive as emails that include bad links that download malware, or direct users to dodgy websites that persuade people to submit or change their passwords, thereby giving cybercriminals access to personal or business accounts.

Because phishing attacks can’t work without human error, training your teams in how to spot such emails is your best line of defence. Rolling out education and guidance on how to identify a potential phishing email, as well as the nature of the threat they pose, is critical. Help your teams spot the common features, such as an urgency to the messages, poor grammar or bad graphics, or language that pressures the recipient to act. The email address delivering the attack will also be a giveaway, so teach your teams to always check where messages are coming from.

It’s also worth educating users about the normal, approved process for making payments, logging in to business accounts and the like – this will help any phishing attempts stand out as unusual, limiting the chances of your business becoming a victim.

• Multi-factor authentication awareness

This is a critical step in security processes, ensuring anyone logging in to the business system is verified as a legitimate user, but is sometimes viewed as cumbersome and unnecessary by users who don’t fully understand it. Multi-factor authentication, or MFA, requires users to log in to devices, networks or applications using a password, which triggers an authentication code via another method, usually a text message or email.

While usernames and passwords are of course important, they are also vulnerable to being stolen and exploited by cybercriminals, and the truth is that people rarely change or vary them often enough for them to be a reasonable standalone defence. If users have one password for all the critical areas of the business network – and it’s also one they use on their personal devices – your business is vulnerable.

An estimated 80% of hacking-related breaches are caused by stolen or weak passwords, so having a stronger authentication process that uses MFA, and teaching your users about why it matters, is essential.

• Cyberattack prevention

Most devices, computers, software and applications will come with some sort of in-built defence against cyberattack. As much as you don’t want your business falling victim to an attack, manufacturers and developers don’t want their products to be associated with one either. It’s therefore important to make sure you’re using all these attack-prevention measures across your business IT.

Make sure firewalls are turned on and working across all desktops computers and laptops. Make sure all devices have adequate anti-virus software running. And ensure all software, systems and applications are kept up-to-date and fully patched at all time. Manufacturers and developers will often build updates to combat specific security vulnerabilities they have identified, so it’s critical to ensure you’re installing these as soon as they are rolled out. Again, ensure teams and users are aware of the importance of firewalls, anti-virus and updates, and encourage them to take the necessary precautions.

• Proactive threat detection

It’s always easier to defend against attack if you know what the threats are and where they are coming from. For that reason, proactive threat detection is another good weapon in your small business arsenal.

Small businesses that use multiple computers or have remote workers will likely have a business network, which allows users to log in from wherever they are and access all the tools and information they need. By its very nature, a network is vulnerable, and it’s a good idea to have some way of monitoring who and what is trying to gain access at any given time.

Installing a Network Intrusion Detection System (NIDS) is a good way of protecting your business against cyberattacks, malware and DDoS attacks, and there are some great free NIDS available. Snort is an open-source intrusion prevention system that’s maintained by renowned tech company Cisco. It runs on Windows, Linux and Unix operating systems and there’s an online community that provides invaluable technical support and advice. Zeek is another free-to-use NIDS, which can operate on Unix, Linux and Mac OS, and runs on the application layer as well as monitoring network security. There are plenty of open-source, free-to-use proactive monitoring tools out there, so do your research to identify the one that best suits your business and reach out to your managed IT service partner for more information about the monitoring services they could make available to you.

• Encrypt and back up data

Any good cybersecurity system – for businesses large and small – needs to account for the fact there’s no such thing as 100% protection. Even businesses with huge, dedicated in-house IT security teams fall victim to cyberattacks from time to time, so small businesses should take heart in the fact they’re not alone.

So what can you do to limit the damage in the event your business systems or data are breached, or your IT systems are taken down?

Encryption and data backup are crucial in this respect. Encrypting emails and data means that, if a nefarious third party does intercept or attempt to steal them, they won’t be able to read the messages or files. Most email clients, including Outlook, Gmail, Yahoo and Hotmail, allow for messages (and any attachments) to be encrypted for free, and most file-creating software supports free encryption too – you’ll just need to read through the FAQs or customer support pages on the relevant websites to find out how to do that.

Another solid move you can take now to help minimise the damage caused by any future cyberattack is to back up all your business-critical assets and data. For small business that don’t generate or store a huge amount of data, something like an encrypted (and securely stored) external hard drive should be sufficient. Alternatively, there are plenty of cloud backup solutions that offer free storage and backup to a certain amount of space. Again, do your research to find the most appropriate solution for your business.

Backing up data and assets means you can minimise the disruption of a breach or data theft by recovering all your files almost immediately. The next step up, full system backup, is designed to store and restore your entire business system, and there are some decent free versions available.

Free trial of security services for small businesses

Perhaps the most reassuring option for small businesses looking to improve their cybersecurity posture is to outsource to cybersecurity experts. Here at VCG, we offer a range of scalable and affordable IT security solutions designed to keep small businesses safe, so they can keep doing what they do best.

Want to see how we can support your small business? Why not try our security services for small businesses for free for up to 20 days, and see how we can help you achieve cyber resilience with less cost and less effort.