SMB Cybersecurity: 8 Mistakes That Let Hackers In

For small businesses, cyberattacks might sound like something they don’t need to think about. Why would cyber criminals target an SMB?

Unfortunately, small and medium businesses make very tempting targets for malicious hackers because they hold the same kinds of data that large businesses have, such as personal information, credit card details, passwords, and more.

However, the nature of SMBs means the information could be held less securely than within a large organisation, particularly if there isn’t an information security specialist or managed service provider such as us here at BVA.

SMBs are also tempting to hackers because if they compromise a business that’s a supplier to a larger business, they can also gain access to the bigger company as part of a larger supply chain attack.

No matter what kind of cyberattack a business falls victim to, whether that’s phishing, ransomware, malware or any other malicious activity where attackers access and tamper with data, the results can be devastating.

In some cases, the cost of falling victim to a cyberattack has even forced organisations to close permanently. Fortunately, it’s possible to help keep your business and employees more secure online.

Here are some basic cybersecurity pitfalls you should try to avoid:

1. Don’t Use Weak Passwords

Cyber criminals don’t need to be super-skilled to break into email accounts and other applications. In many cases, they get in because the account owner is using a weak or easy password.

The shift towards cloud-based applications and remote working has also provided criminals with additional opportunities for attacks.

Remembering many different passwords can be difficult, which often leads people to use simple passwords across multiple accounts, leaving businesses vulnerable to cyberattacks.

Cyber criminals can also use brute-force attacks, which quickly run through a list of commonly used or simple passwords.

Never base your passwords around easy-to-discover information, like your favourite sports team or pet’s name, because clues on your social media could give this away.

The National Cyber Security Centre (NCSC) suggests using a password made up of three random words, like a passphrase, to make it difficult to guess.

A different password should be used on each account and a password manager can help by removing the need to remember every password.
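The password advice above, shown as an added example that is not part of the original article: it builds a three-random-word passphrase with a cryptographic random source and checks candidates against a common-password list and easy-to-discover personal terms. The word list, the common-password list, the personal terms and the 12-character minimum are constructed assumptions for illustration.

```python
import math
import secrets

# Constructed sample data (assumption). A real deployment would load a large
# word list (thousands of words) and a published common-password list.
WORDLIST = ["copper", "lantern", "orbit", "velvet", "harbour", "pickle",
            "tundra", "magnet", "willow", "anchor", "biscuit", "falcon",
            "glacier", "hammock", "jigsaw", "meadow"]
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}
MIN_LENGTH = 12  # assumed policy value, not taken from the article


def make_passphrase(words=WORDLIST, count=3, sep="-"):
    """Pick `count` words with the OS CSPRNG (secrets), not random.choice."""
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrase_entropy_bits(wordlist_size, count=3):
    """Entropy in bits when each word is drawn uniformly and independently."""
    return count * math.log2(wordlist_size)


def check_password(candidate, personal_terms=()):
    """Return the reasons a candidate is weak; an empty list means no finding."""
    reasons = []
    lowered = candidate.lower()
    if lowered in COMMON_PASSWORDS:
        reasons.append("appears in common-password list")
    for term in personal_terms:
        if term and term.lower() in lowered:
            reasons.append(f"contains personal term: {term}")
    if len(candidate) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    return reasons


if __name__ == "__main__":
    phrase = make_passphrase()
    print(phrase, check_password(phrase, personal_terms=["Rex", "United"]))
    # The 16-word demo list is far too small; entropy grows with list size.
    for size in (len(WORDLIST), 2048, 7776):
        print(size, "words ->", round(passphrase_entropy_bits(size), 1), "bits")
    print(check_password("Rex2015", personal_terms=["Rex", "United"]))
```

The entropy figures show why the size of the word list matters: three words from a 16-word list are trivially guessable, while three words from a list of several thousand are not on any common-password list and are far harder to brute-force.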

2. Don’t Ignore Multi-Factor Authentication

Even a strong password can end up in the wrong hands. Cyber criminals often trick users via phishing attacks to steal login credentials.

Multi-factor authentication (MFA) provides an additional barrier to account security. It requires the user to confirm that it really is them attempting to log in, via SMS message, authenticator app, or a physical security key.

The extra layer protects you because even if a criminal has the correct password, they can’t use the account without the approved access.

If you get an unexpected alert of an attempted login, report it to our IT security team and reset the password immediately to avoid continued attempts.

MFA, or 2FA, is among the most commonly issued cybersecurity advice, but many businesses still aren’t using it, and that needs to change.

3. Don’t Put Off Applying Security Patches And Updates

One of the most common techniques used to breach and move around networks is taking advantage of cybersecurity vulnerabilities in applications and software.

When these vulnerabilities are disclosed, vendors who make operating systems will usually release a security update to fix them.

Security patches will fix the flaw as long as the update is applied, thus protecting the system from attackers attempting to exploit it.

Unfortunately, many businesses are slow to roll out security patches and updates, leaving networks and systems vulnerable.

Sometimes, vulnerabilities can be left unpatched for years, putting the business and customers at risk from cyber incidents that could easily be prevented.

One of the key things SMBs can do to improve cybersecurity is have a strategy for applying critical security updates ASAP.

You can set up the network so that software updates are applied automatically, or they can be dealt with on a case-by-case basis.

It’s vital to recognise critical security updates and patch them; they’re often detailed by cybersecurity agencies like CISA.

4. Don’t Forget About Antivirus Software Or Firewalls 

Antivirus software is there to help protect users and devices from cyber threats including malware and ransomware.

These tools can’t help anyone if they’re not installed or active. To improve cybersecurity, install antivirus software across all devices on the network.

Nowadays, antivirus software is often bundled for free within popular operating systems, but there’s also the option of installing from a dedicated vendor.

However, you can’t just ignore antivirus software after installing it. As with other software, it’s important to prevent antivirus tools from becoming obsolete against evolving cyber threats.

Installing spam filters and firewalls can also help stay protected against cyberattacks, and like antivirus, it’s important to have these tools turned on and kept updated in order for them to be effective.

5. Don’t Leave Employees Without Cybersecurity Training

No matter the size of your business, it’s important to provide proper tools and training around cybersecurity awareness.

All it takes to provide malicious hackers with a way into the network is one person inadvertently making an error.

For example, they could mistakenly click on a link in a phishing email and install malware on the network, or they could fall victim to a business email compromise scam and transfer a large sum of money to someone claiming to be a business partner or even their boss.

Providing employees education on how to recognise phishing emails, suspicious links and other potential methods of attack is vital for helping to keep data, money, personnel and customers secure.

Employees should also know who they should report potential suspicious activity to, so suspected cybersecurity incidents can be prevented.

6. Don’t Ignore Backups

One of the key things you should be doing to make systems more resilient to cyberattacks is producing regular backups of your data.

In the event of an incident that encrypts, wipes or otherwise brings down the network, there will be a recent copy of all of your data that can be restored to ensure a relatively quick return to normal.

Backups should be updated regularly, so the data stored within them is as recent as possible. Backups should also be stored offline, preventing any attackers who get in the network from accessing and wiping them.

7. Don’t Leave Your Network Unmonitored

Setting up the network with controls to help prevent cyberattacks is very useful. Here at BVA, we take on the responsibility of monitoring activity on our clients’ networks for potentially harmful behaviour.

This approach starts with knowing what internet-connected devices make up your network, because you can’t defend what you don’t know about.

Identifying internet-connected devices on the network might sound like a simple task, but it can get complicated quickly.

These devices include computers, as well as IoT devices, point-of-sale machines, security cameras, and potentially much more.

All these devices could be exploited by cyber criminals if they’re not managed correctly. You’ll need to ensure they’re protected with the right updates.

Taking the time to audit your network to fully understand what’s on it is vital. Be aware of what’s regular behaviour and what could count as suspicious.

For example, if you’re suddenly seeing logins from the other side of the world, that could be a sign that something needs investigating.

8. Don’t End Up Facing A Cybersecurity Incident Without A Plan

Even if you have a solid cybersecurity strategy, there’s still a chance that cyber criminals could breach the network and use their access for nefarious means, whether that’s installing ransomware, conducting espionage, stealing credit card information or focusing on other malicious attacks.

In the event of an attack happening, it’s helpful to have a plan in place that’s accessible even if the network ends up offline.

Have a plan around how your business will respond to a cyberattack, how it could continue operating, and which cybersecurity agencies and investigators should be contacted.

This will help your business deal with a stressful situation with more structure, strategy and calmness.

BVA IT Services & Solutions For Your Business

Consider us your technical ninjas, your trusted partner to maximize your information technology and long-term success.

Our custom IT services and solutions help businesses modernize processes, accelerate efficient workflows, strengthen security, and increase profitability.

It’s our job to help you stay ahead of the curve.

Without proper information technology operations and contingency plans in place, you could be left to deal with catastrophic consequences.

Take control over your IT before something bad happens. Schedule a FREE Technical Assessment with us today!

We’ll come onsite to assess your current technology environment to find any issues that are costing your business in order to provide you with the best technical solutions customized for you.

Stay up, running, and protected. Empower your IT!