It’s easy to think that because you have a small business, cybercriminals will pass over attacking your business. That’s certainly not the case and having the “not much to steal” mindset is narrow minded and dangerous thinking.

You might think why are small businesses attacked more often than larger businesses?

Typically, small businesses don’t have the protection they need therefore have less secure networks and from this open themselves up to be more vulnerable. The majority of all cyber-attacks are to obtain personal data to use in credit card or identify theft. Due to the current circumstances we find ourselves in, fraud is rife and extremely common with hackers taking advantage of remote workers.

General reasons for businesses not having the protection they need is lack of time, budget and expertise. This then dovetails down into their teams not having the knowledge they need to identify security threats, failing to secure endpoints.

At Lily, we want to support small businesses so that’s why we have come up with 8 best cyber security practices.

A firewall is an absolute must! It’s the first line of defence in a cyber-attack. In addition to the standard external firewall many companies are starting to install internal firewalls for even more protection!

If employees are working remotely a firewall will need to be installed on their home network too!

It’s really important to document your business protocols to give your organisation the understanding of what is expected and best practices to work to. A phrase we use often at Lily is “you don’t know what you know”, if you don’t write down and share knowledge then you can’t expect others to follow practices. 

It’s important to have a strategy for managing your mobiles as they carry all of your data alongside your other devices such as laptops and computers. Depending on your business you may provide employees with business mobiles or you may currently allow them to use their own devices – this is extremely common. There’s even more to think about with the increase of devices which are linked to other products such as smart watches and fitness trackers.

Knowledge is everything when it comes to security so it’s important everyone receives regular training on your companies’ network and best practices. ‘Regular’ being extremely important as cybercriminals are always learning and becoming savvier.

If you want to make sure it’s taken seriously you can always have employees sign a document that they understand how important it is to follow protocol.

No one likes changing passwords as it’s a pain but not changing passwords is a dangerous strategy, passwords should be changed every 60 to 90 days.

As well as changing passwords regularly it’s important to make sure your credentials can be defined as ‘strong’. So, what is a strong password? We recommend passwords should include upper and lowercase letters, numbers and symbols! Make your employees keep your passwords secure, you could recommend using a password volt, definitely stay away from having sticky notes on desks!

Backups are essential in case the worst happens. Whist it’s important to prevent as many attacks as possible, it is still possible to be breached. It’s more unluckily but it’s best to be prepared.

Having backups in the cloud protects your business against data loss, make sure to check these regularly.

Phishing emails can get the better of all of us. As we know cybercriminals are becoming savvier and the emails they are creating are hard to differentiate from the company they are trying to identify as.

By having anti-malware software protects your devices and flags dangerous content.

Multifactor identification is available on most email and firewall products. We recommend using this feature as it’s less uncommon for cyber criminals to access both your passwords and the other authenticator such as a text message or app.

It’s important to invest in a strong security strategy to prevent cyber-attacks, but don’t underestimate the value of providing knowledge to your employees. Data breaches can happen from just one wrong click so prioritise providing extensive regular training.