Are you prepared to tackle cybercrime head-on?

• Push past password fatigue and ensure your passwords are more complicated than simply admin, password or 123456.
• Use a password manager generate complex passwords for all your accounts.
• Educate yourself, and your employees, on cybersecurity tactics such as phishing.
• A cybersecurity policy doesn’t need to be complex, or expensive. Get the basics right.

Cybersecurity seems like a technological problem, so most small businesses assume they need a technological solution. However, experts will tell you that cybersecurity is also about people, and not just IT.

The most sophisticated business network in the world, armed to the teeth with expensive security solutions, could fall easily if an employee on the inside clicks on a malicious link or uses 123456 as their password.

Despite well-publicised campaigns from cybersecurity experts and the government, weak passwords are still a soft route in for hackers. SplashData’s annual Worst Passwords of the Year list is compiled by analysing millions of passwords leaked online. In 2018, once again, the top password was 123456 and the second was password. Coming in at number 12 was admin, which is frequently the default password and shows many people don’t realise they need to set up hardware devices securely.

It’s not easy to keep track of the vast array of passwords needed to navigate modern life. You tend to put an initial effort into setting up a banking and mobile phone password, but after going through multiple shopping sites and every household bill, password fatigue will often set in. 

One answer is for small businesses to take the burden of password creation from employees. A password manager is an inexpensive piece of software which generates complex passwords that access your network and then stores them in an encrypted database. 

You should also consider two-factor authentication. This requires you to need something else, other than a password to log in. For example, this could be a security code which is texted to your mobile phone. This extra layer of security can help to weed out a malicious access attempt where the hacker has managed to crack your password.

It’s no surprise that so many businesses fall to email phishing attacks. This is where hackers send you a link that will infect your computer with malware, but disguised as a real, valid communication. Whether your business is big or small, cybersecurity starts with educating your staff on what they can do to protect your company and themselves. Without a policy in place or processes to help show workers how sophisticated phishing can be, people will click on these links, creating back doors for cybercriminals.

Modern-day phishers use social media and business networking sites to hone their attack styles and target specific people. Gone are the days where you’d get a generic email saying, “You’ve won a prize, just click here!” Instead, you get a well-crafted, personal-sounding email that might target you through your hobbies, what kind of pet you have or the football team you support.

The only way to combat these expert attacks is through education. There are tools that you can use to phish your own business and look for any weaknesses. Educate your employees about phishing, how it works and how important it is to monitor privacy levels on social media and business networking sites, both for your sake and their own. Crucially, keep revisiting the threat so that wariness stays fresh in everybody’s minds. Both the government and other sites offer advice on the latest scams so you can stay up-to-date.

Crucially, cybersecurity defences don’t need to be expensive. You don’t need expensive software, complex penetration testing or in-depth cybersecurity audits. What you need are simple, cost-effective solutions.

The first step is to take the first step – acknowledge the cybercrime risk and decide that your company needs to confront it.

Then look for the tools that will empower your staff to help protect your business. We’ve already talked about password managers and two-factor authentication. Encryption software for data is another cost-effective solution. It might seem obvious, but traditional anti-virus and anti-malware software that regularly update are invaluable first gatekeepers.

A forward-thinking cybersecurity policy stays on top of a number of key issues. You need to ensure that staff accounts are regularly surveyed and close those that are no longer in use or those that belong to employees who have left the company. It’s also important that operating systems, firewalls, firmware and other key software are kept up-to-date. 

A forward-thinking cybersecurity policy stays on top of a number of key issues. You need to ensure that staff accounts are regularly surveyed and close those that are no longer in use or those that belong to employees who have left the company. It’s also important that operating systems, firewalls, firmware and other key software are kept up-to-date. 

Once you’ve changed the attitude within your business, you’ll stop seeing people as the weak link in the cybersecurity chain. Instead, they’ll be a key part of the solution to protect your business and your sensitive data.