In the wake of the Covid-19 pandemic, millions of small businesses have had to deal with a raft of cybersecurity measures that many will have had no previous experience of such as using VPNs, choosing the correct one, and how to ensure safe remote working.
Many businesses will have done just enough to get by but also be ready to emerge with a much greater awareness of the importance of cybersecurity. Perhaps this understanding will have been forged by the security weaknesses of partners, their own vulnerabilities, or a simple understanding of just how deep and wide the malware threat is.
For many small businesses addressing cybersecurity issues might seem overwhelming. But it doesn't have to be:
- Start small and simple. Don’t try and do everything at once. Identify the vulnerabilities that would leave the business most exposed in the event of a system compromise and deal with these first.
The following points highlight how you can adopt this ‘keep it simple’ approach and ensure you don’t drown in costly complexity.
Ensure employees are using VPN connections
A VPN provides secure encrypted tunnels between the home user and a remote server. This is of crucial importance in protecting sensitive company data from attackers who are targeting a Wi-Fi hotspot or even company data. In short, it locks down your data so nobody can access it.
It might be tempting to use a 'free' VPN service, especially during these cash-strapped times but many of these services attempt to monetise their service by selling your data to third parties. Users will also likely be plagued by pop-up ads while logs detailing their VPN usage can also be kept.
A one-year inexpensive subscription to BullGuard VPN
provides connections for six devices, doesn't log connection data, is ad-free, and even improves performance by negating bandwidth throttling that many ISPs use. And of course, it provides priceless peace of mind.
Change Wi-Fi network passwords
Because so many employees are now working from home, cybercriminals have never had it so good, they have more opportunities to attack any number of devices or networks than ever before. As such all small businesses should encourage their remote workers to change the default passwords on their home routers to a strong unique password.
It’s a simple and important action. It’s extremely easy for an attacker to successfully hack a router.
- Enter your router's IP address into your web browser
- Log in with the default username and password, often both admin but the password may also be the password on the back of your router
- Go to settings
- Select Change Router Password or a similar option.
- Enter the new password
- Save the new settings
Small businesses should look to enable multi-factor authentication when providing connections to private networks. Multi-factor authentication (MFA) typically involves codes that are texted to an employee’s phone which must be submitted in addition to a username and password.
This might require some external help in implementing software that authenticates IDs, but that said it should be a relatively inexpensive process. MFA makes it much more difficult for crooks to make use of a stolen password. It ensures that only those with a need to access a system can do so securely which in turn significantly limits the potential for data theft.
Update and patch
One of the simplest ways to keep your small business safe is to make sure all of your systems are patched and updated. This is one of the best defences against malware and especially so for systems running Windows.
Updates that are released address specific security threats that have recently been discovered. By downloading and installing the updates, you can patch the vulnerabilities that malware authors try to exploit. It’s important to ensure that all the operating system auto-updates are enabled. This applies to all systems, from workstations to laptops and smartphones.
Back up data
Small businesses need to conduct regular backups and store backup data in offline locations. A cloud storage service is the simplest and most cost effective option. Data backups ensure quick recovery in the event of a ransomware attack or some other form of business outage. As such it’s an extremely important action.
Watch out for social engineering
Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. In cybersecurity, it translates into phishing emails and sometimes SMS messages and phone calls.
It's important to ensure employees are aware of phishing emails and particularly how their numbers have increased exponentially during the Covid-19 epidemic as attackers attempt to exploit fear and uncertainty. Put simply, if an email is unexpected, appears suspicious, and doesn't ring true, double-check with the sender over the phone. Certainly don't click links within the email or open/download attachments until you're absolutely certain that it’s legitimate.
End device protection
Protecting endpoint devices is a vital necessity to protect small businesses yet it’s something that many find complicated. With many employees today working from home it’s difficult to know what antivirus protection they are running if any at all. They may also be using their own computers and smartphones to access the company network. If any of these devices are infected with malware, for instance, an employee clicks on a malicious link they could download malware onto a device without suspecting. This could not only damage the device but the malware could find its way onto the company network.
It’s difficult for a small business owner to ensure all end devices are protected. Of course, they could ask each employee to contact you before they download anything but this is impractical as well as infringing on privacy if they are using their own computers.
Free, robust, small business protection
A dedicated small business solution is BullGuard Small Office Security
. It provides rigorously robust, award-winning protection that safeguards against malicious attachments in phishing emails, malicious code hidden in websites, and all types of malware including deadly ransomware.
And most importantly it is managed remotely centrally via a cloud-based dashboard. As such the software can be loaded onto all devices remotely and simultaneously by simply sending an email. In acknowledgment of the difficulties, small businesses are facing BullGuard is offering free protection for 3 months, with no strings attached. You don't even need to provide payment card details. This offer is simply designed to help small businesses surmount the cybersecurity obstacles many of them are now facing. Find out more here