Cyberattacks and data breaches: best practices for protecting your SMB

Cyber attacks and data breaches prevention tips best practices

Small businesses or SMBs are the lifeblood of any economy and Canada is no different. If you’re a small business owner thinking that you’re too insignificant for cybercriminals, you’re wrong. Experts believe that cybercriminals typically need very little resources for mass-producing attacks. SMBs tend to be more vulnerable to cyberattacks and data breaches since they generally spend less on cybersecurity.

This article explores the best practices you should consider adopting to protect your business from cyberattacks and data breaches. 

6 Best practices for preventing data breaches in your small business

Here are six of the simplest ways you can prevent data breaches in your business.

Improve user awareness

The first step towards protecting your business against cyberattacks and data breaches is improving user awareness about the cybersecurity landscape. With over a third of cyberattacks and data breaches involving internal threat actors, this cannot be overemphasized. Experts believe that improving user awareness within your organization can overall establish your employees as a human firewall.

By improving cybersecurity awareness within your business, you’d be ensuring that your employees understand the threats likely to affect them. They’d also be able to understand how to keep themselves protected or stay away from activities that are likely to prevent a breach. 

For instance, understanding how to spot phishing attempts or tackle business email compromise from vendors would be a great start. Improved awareness will also help your employees understand the need for strong passwords and the use of multi-factor authentication. You should also consider setting up Privileged Access Management to understand and manage all the user accounts within your enterprise.

Update all systems promptly

Leaving your systems and applications running with outdated firmware or software essentially make your business vulnerable to cyberattacks and data breaches. Remaining protected will involve you taking steps like regularly installing security updates, upgrading to newer software or discarding obsolete systems. By installing updates promptly, you’d be patching up any known vulnerabilities and preventing zero-day exploits by hackers.

A quick look into the WannaCry ransomware of 2017 shows that the majority of victims could have easily avoided the cyberattack by either updating their operating system or abandoning an obsolete version of Windows.

Backup your data frequently

However hard you prepare, there’s always the chance that something may go wrong. From hardware failure to ransomware attacks, backing up your data can help you ensure that you never have to start from scratch after an incident. However, you should aim to create backups the right way. Creating backups without validating them may give you a false sense of security if you’re unable to retrieve them.

Check out our detailed backup recommendations for small businesses here.

Use Intrusion Detection and Prevention (IDS/IPS) systems

Intrusion detection/prevention systems are an essential cybersecurity component for small businesses in the digital age. They generally listen to your network for bad traffic or potential attacks and prevent your systems from communicating with bad threat actors. If you’re looking to take your small business cybersecurity a notch higher, this is one practice you should adopt.

From preventing malware attacks across your network to stopping trojans and even phishing, IDS/IPS generally stop malicious activity against your business by dropping or resetting connections.

Furthermore, you should consider setting up firewalls with IDS/IPS rather than ISP-provided routers. Home-grade routers are built to allow users to connect easily and do not generally offer any firewall protection or monitoring. However, a firewall with built-in IDS/IPS can monitor your traffic to prevent malicious activity.

Consider getting cyber insurance

If you’re wondering why we’re talking about insurance as a way of protecting your business from data breaches, don’t fret. Cyber insurance can be a vital tool in your SMB’s cybersecurity arsenal. With 60% of businesses (mostly SMBs) closing within six months of a data breach, cyber insurance can be the difference between going bust or surviving in the unfortunate event of an attack.

Cyber insurance aims to protect businesses from the consequences of cyberattacks and data breaches. Some of these consequences can include fines, compensation and loss of business. As the cyber threat landscape continues to evolve, you’ll need to understand the benefits of cyber insurance as well as its limitations for your business and industry.

Boost your vendor and endpoint security

As you probably already know, no business can operate in this digital age without relying on support from third parties or vendors. Third parties like cloud service or application providers are typically granted privileged access to your IT infrastructure to enable them to support you seamlessly. 

However, this constantly increases the risk of a cyberattack or data breach of your business. The danger here is that if there’s a cyber attack on any of these vendors, the hackers may be able to access your systems using the privileged access already granted.

Similarly, the rise of BYOD policies and culture across Canada ultimately means that your small business now has to deal with more data endpoints than ever. Without adequate endpoint security and management, you may be leaving your business vulnerable to data breaches and cyberattacks. The average cost of an endpoint cyberattack in 2019 was $9 million and zero-day attacks show no signs of slowing.

Why MSPs and MSSPs are essential for preventing and recovering from data breaches in the digital age

The costs associated with getting numerous disparate cybersecurity tools is usually a discouraging factor for Canadian SMBs. MSSPs essentially overcome this problem by offering specialized services that meet the very needs of small businesses. They also provide solutions capable of overcoming the typical challenges that businesses face today. Overall, MSSPs can help your small business by reducing and managing their cyber risks as well as offering recovery support in the event of a cyberattack or data breach.

The bottom line

With SMBs making up 98% of all businesses in Canada, it’s fair to say that they will continue to be attractive targets for cybercriminals. The relatively limited budgets SMBs allocate for cybersecurity also means that they may be falling short. However, hiring MSPs and MSSPs can help bypass this challenge. 

Contact us today to discover how our small business cybersecurity solutions can help you with preventing, detecting or responding to cyberattacks and data breaches.

Trades Should Add Technology to Their Tool Belts

There are many hands-on trades that haven’t traditionally needed technology. Yet modern tech tools help the plumber, carpenter, welder, or other trade improve productivity and competitiveness.

There are certain common tasks tradespeople face daily:

  • scheduling appointments with clients, suppliers, or inspectors;
  • tracking project deadlines and budgets;
  • communicating with project managers, customers, trades, office administrators;
  • paying employee salaries;
  • invoicing and tracking payables, receivables.

These can all be done with pen and paper, sticky notes, and forms in triplicate, but technology cuts the time spent and lets you focus instead on increasing your bottom line.

The Difference Technology Tools Make

Most of us carry small, powerful computers around in our pockets every day, whether it’s a smartphone or a tablet. Internet-connected devices give tradespeople access to tools to enhance productivity.

Let’s start with scheduling apps, as tradespeople are often on the move throughout the day. Signing up for a scheduling tool (e.g. Doodle) makes it easier to set appointments, and you aren’t involved in the booking process. Customers simply go to your website or link to the app and choose an available time that works best for them. You can even set it up to ensure you have buffers between appointments or prevent someone from scheduling a new, big project to start at the end of your day.

Integrating the scheduling app with your website helps customers reach you. Also, connecting also to a shared cloud calendar can help your team work together better. Everyone invited into the calendar can see who is out on a call, and where.

You can make changes to a cloud-based calendar on any connected device. Others will see the alterations in real-time. This helps you avoid scheduling conflicts. You can set a follow-up meeting with an inspector while you’re out in the field. The office secretary sees your availability in real-time to set up a new customer visit.

Your Trade Office On the Move

With cloud-based office software also available online, you can get more done out of the office. You don’t have to make a trip back to the office to enter your invoice slips and make photocopies of receipts. Instead, take pictures on your phone or tablet, and attach them to the project file in the cloud, or invoice directly from a secure cloud-based processing site. You won’t have to worry about any paperwork getting lost in the back of a truck or bottom of a toolbox.

The Microsoft Office suite, Google Docs, and cloud storage are available from iOS and Android devices. This lets you monitor project timelines, view budgets, and track invoices and payments in the field. Cloud-based accounting packages let you see cashflow or outstanding balances, and pay contractors or suppliers on the spot.

Cloud-based software also gives every employee access to business tools in the office. With a virtual desktop, they can collaborate easily (out on a job or in the office) and make changes in real-time. For instance, a contractor could access software to edit a building plan, then actually see the new design in 3D modelling software.

The great news is that technology is ever more accessible and easy to use. Embracing modern digital tools can improve customer service and trade business efficiency.

Your skill set may not extend to technology, but that’s where we come in. We can help you find the right technology for your business needs.

6 Simple Tips to Protect Your Customer Data

6 Simple Tips to Protect Your Customer Data

As cyber-attacks continue to make headlines, hackers are exposing or selling customer data files in record numbers. But just like with any threat, there are actions you can take to minimize risk and ensure your business retains a positive reputation among customers. 

1. Stop using the same password on repeat.

Set a mandate for all staff that passwords must be unique for each user and for your workplace. That means it can’t be remotely like the one on their home PC, tablet or online banking. Passwords are hacked more than ever, so when you’re prompted for a password change, dig deep and really think about what goes into a hacker-proof password. If remembering them is a problem, consider one of the latest password management tools.

2. Go on a shredding spree.

How much sensitive data is being dumped into the recycling bin? Valuable customer data is often taken from the bins of small businesses and quickly sold or published. It’s not just good practice to shred sensitive documents, it’s the law.  Take 5 seconds to run documents through the shredder or book in the services of a secure shredding company.

3. Ditch the accounting spreadsheets.

Still using an Excel doc for all your number-crunching? Besides making your accountant’s job harder (and more expensive), you’re opening your business to a massive range of vulnerabilities. Even with password-protection, spreadsheets aren’t designed to safeguard your financials or those of your clients. Upgrade to a proper accounting solution with built-in customer data protections and security guarantees.

4. Train staff explicitly.

You can’t rely on common sense because what you think is a given might be news to someone else. It can be extremely beneficial to hold special data-safety training sessions once or twice a year as a reminder, as well as take the time to induct new staff into the way things are done.

5. Limit access to data.

Just like the bank manager who guards the keys to the vault, you can limit who accesses your data. Revoke employee access as soon as they leave your business for good, and set rules around who can access what – and when. Do they need access to sensitive information while working from home? Should they be able to change the files, or only view them?

6. Keep your software updated.

Possibly the most preventable hack, having outdated software can be an open invitation for cyber-criminals. They look for known weaknesses in business software and waltz right in. While the nagging pop-ups and reminders to update can feel like a selling ploy, they’re actually helping your business to stay in the safe zone. Updated software gives you protection against new viruses and hacking techniques, plus closes off those nasty weaknesses.

If you would like to make sure your business is secure from data breaches, give us a call.