For a small business owner, the first step on the cybersecurity journey is to understand the types of cyber threats that their business is facing. This can often be bewildering given the plethora and evolving nature of attack techniques. The most prevalent types of cyber attacks that small businesses need to ready themselves for include attacks where adversaries encrypt data and demand a ransom, commonly known as ransomware. Although these types of attack have been around for a number of years, their impact on society became extremely evident with the well-publicised ‘WannaCry’ ransomware attack, which affected organisations in over 150 countries.
There is also nearly weekly coverage in the media of organisations that have experienced a data breach, which has led to sensitive information ending up in the public domain or being exploited by adversaries. Often data breaches are the result of successful phishing or watering hole attacks. Phishing attacks involve employees being duped into clicking on a malicious link within an email or opening an infected attachment, while watering hole attacks entail frequently visited websites being compromised and malware being inadvertently downloaded.
Simple things matter
Getting simple things right can be applied to many aspects of life and cybersecurity is no different. There are simple practical steps that small business owners can implement to put themselves on a surer cyber footing and to protect their largest asset – their business.
The UK’s National Cyber Security Centre provides independent advice to businesses through their Cyber Essentials scheme to enable businesses to enhance their approach to cybersecurity. Here are some practical steps businesses should be considering to improve their cybersecurity:
- Ensure firewalls are enabled and configured for all devices – especially important for devices that are connecting to the internet or untrusted Wi-Fi networks.
- Only use software, apps and accounts that are needed and protect them with strong passwords. Employees using important applications, such as banking or IT administration, should also prove who they are by entering a numeric code that is sent to their smartphone or by using their fingerprint as a secondary form of authentication.
- Employees should be set up with individual user accounts. Only employees who need admin accounts should be provided with them, thereby reducing the risk of accounts with admin rights being compromised. The activities that can be carried out with admin accounts should also be controlled.
- Protect your laptops, smartphones, PCs and servers from malware and viruses by implementing and regularly updating anti-malware controls across devices. Phishing is a key method for infecting devices. It is therefore also important to increase employee awareness of phishing attacks.
- Ensure operating systems, software and devices are using the latest updates to benefit from fixes of known security vulnerabilities.
- Regularly back up important data on separate and unconnected storage to combat ransomware attacks.
An increased awareness of cyber threats and getting the simple things right are the first steps in enhancing your business’ cyber readiness and resilience in the face of the evolving threat and regulatory landscape.
Cybersecurity is a key concern for organisations of all sizes. Protecting devices, networks, data and apps is an essential component of doing business. Vodacom Business provides security products and services to businesses of all sizes, helping you secure your business anywhere because we are everywhere. For more information on our offerings, visit Vodacom Business online.