First steps small businesses should take to become cyber secure

5 steps for small businesses to secure themselves against cyber attacks


The National Cyber Security Centre (NCSC), the UK government’s cyber authority, recommends five key steps to keep SMEs secure.

We have summarised the guidance below; it's a great place to start for any SME wanting to secure their business.

1. Back up your data

Cyber-attacks targeting small businesses often involve making your data unavailable so that your company’s IT system stops working.

To mitigate this threat, you need to have back-ups of your data and applications, so your IT system can be restored.

Backing up data is often a dull task, but it needs to be part of your business routine.

Ensure any back-ups are separated from your normal network and can be accessed in an emergency. Practice this process periodically so you can implement it in a crisis. 

2. Protecting your organisation from malware

This section is about knowing your IT network, understanding the systems running on it and keeping them up to date.

Ensure your system’s antivirus software, such as Windows Defender, is enabled. This is a basic first line of defence and will stop routine threats.

You must understand whether any of your key systems fall outside of this protection.

Patching, updating software with the latest version, is important as updates often prevent systems from being exploited by attackers. Design a patching routine once you understand your network.

Create some basic policies to stop users enabling attacks. Examples include preventing the use of USB sticks (they can import viruses) and giving staff user profiles that do not allow access to all of the network (a profile with full access could give a hacker the keys to your kingdom).

3. Keeping your smartphones and tablets safe

You need to understand which phones and tablets are used by your company; any phones or tablets are an extension of your corporate network and require basic protection.

As you would for your personal phone or tablet, ensure your corporate equivalents are protected with a decent PIN number and the operating system and apps are kept up to date. As phones could be stolen, having appropriate tracking software will enable you to wipe data if they fall into the wrong hands.

Avoiding free public Wi-Fi networks is prudent, as they can be accessed by attackers, but keeping your phone up to date is the most important defence and is key to securing it against most threats.

4. Using passwords to protect your data

Avoid passwords that use obviously simple phrases such as ‘pword123456’ or similar. But the most essential element for protecting systems and accounts is multifactor authentication (MFA).

MFA is key to stopping even the most sophisticated cyber attackers.

Whilst the NCSC recommend protecting your key accounts with MFA, we believe that all accounts, especially administrative accounts and systems, should be protected by MFA.

All systems, such as laptops or phones, or software such as email or accountancy programs, should be protected with a password or PIN. A password manager will enable your staff to avoid re-using passwords and to store them securely.

5. Avoiding phishing attacks

Phishing – the sending of fraudulent emails that contain viruses or dodgy links – is the most popular way for cyber attackers to infiltrate your network. Protecting against phishing requires technical and human defences.

Ensure your staff's accounts do not give them access to parts of the company they do not need. Protect administrator accounts: they should not be used for internet browsing or email.

Many of the latest technical defences struggle to stop phishing emails. You need to equip your staff with the confidence and knowledge to spot phishing and report any suspicious phishing emails. This can be done using the latest threat updates (see here).

Implementing the 5 steps

This is a summary of the NCSC advice. Like most things related to cyber security, it's more complex to implement the guidance than to understand it.

We at 2tela are experts at understanding our clients, assessing their needs, and working with them to implement cyber protection.

If you would like an initial free discovery call to discuss how to put in place the 5 steps, please click here
