Small business owners often mistakenly assume that cyber criminals are unlikely to target them. However, the reality is that 43 percent of cyber attacks target small companies.

Small businesses face significant challenges in securing their data and their networks. They lack the expertise to implement the types of solutions that can secure their systems and networks against the full scope of modern cyber threats. With this in mind, here are some best practices to best protect your small business against a cyber attack.

Basic Security Awareness Training

Basic security awareness training improves the overall information security profile of small businesses. It’s often the case that data breaches or phishing attempts succeed due to a lack of basic security awareness knowledge among employees at small businesses.

While you’re unlikely to have the resources available as a small business to teach employees about advanced security threats, covering the basics in a brief training course often suffices. The point is to prevent the types of frustratingly preventable incidents resulting from human error.

Basic security awareness training should cover some or all of the following principles:

• Not opening suspicious emails
• Not clicking on links or attachments from unknown email addresses
• Only visiting approved websites in line with the company’s Internet use policy

It’s best to view security awareness as an ongoing project rather than a once-off session. To this end, you can purchase security awareness training materials and request employees to refresh their knowledge once or twice per year. If budget is a problem, there are some actionable and useful YouTube videos covering the basics, such as this one.

Regularly Update Your Software and Operating Systems

Regularly updating your software and operating systems is a simple yet powerful tip that immediately reduces cybersecurity risks for businesses of all sizes. There are cyber criminals who spend all day trying to exploit companies running outdated software or operating systems. Often, the reason updates are released for applications and operating systems is to address security loopholes that were flagged as vulnerable.

It’s worth noting that there typically comes a point in the lifecycle of software that the developer stops supporting it with updates altogether. This makes running really outdated software a very risky practice for businesses.

Many different software applications come with automatic updates. However, critical updates for operating systems still often require manual approval by users of those systems. A delay to take action and update as soon as possible can be critical.

The WannaCry event, which was one of the most damaging worldwide cyber attacks in recent years, was successful precisely because so many organizations failed to implement updates on time. When updates become available for software and operating systems, it’s best to approve them straight away.

Implement Multi-factor Authentication

Multi-factor authentication prevents unauthorized access to systems or apps by requiring users to provide two or more pieces of evidence to verify their identity. The point is that if someone gains access to a user’s credentials, they can’t log in to the system because they don’t have the other evidence needed.

Most people are familiar with multi-factor authentication in action when they log into their Internet banking. Typically, you need a password stored in your memory and a one-time code sent to your phone to successfully log in to your Internet banking.

When it comes to easy wins that dramatically enhance the security of key business apps and files, multi-factor authentication is a no-brainer. If you’re concerned about the cost and complexity of using multi-factor authentication, don’t fret. Most people are familiar with multi-factor authentication. Additionally, several popular software and cloud vendors implement it for free, including:

• Slack
• Google Drive
• Amazon Web Services
• Microsoft

If you have a small office with a few workstations and you’re concerned about security, there are solutions available that can enable multi-factor authentication for workstation logins. In reality, multi-factor authentication for your key business apps should be sufficient to prevent the majority of potential incidents from stolen passwords and user credentials.

Use the Least Privileges Principle

The principle of least privileges provides a useful conceptual guideline to reduce cybersecurity risks. The principle works by only allowing users access to the systems, data, and software that is absolutely necessary to perform their daily tasks. The idea behind this cybersecurity best practice is that it limits administrator privileges to a select few users who actually need those privileges.

Excessive administrative access increases the surface area for cyber attacks because administrators typically have unrestricted access to particular systems or data. It might seem off-putting as a small business owner trying to foster a sense of trust with employees that you should limit their access to systems. Proper enforcement of this cybersecurity best practice shouldn’t make a difference to end users because you’re giving them only the access they need.

Outsource Your Information Security

Some small businesses might want to consider outsourcing the complexities of information security management to an expert company specialising in this area. Managed IT security services can help implement proactive solutions to deal with malware, ransomware, and the threat of data theft.

While hiring a managed IT services provider adds an extra cost to your profit and loss statement, it’s worth bearing in mind that this often works out as a fraction of the cost of hiring an in-house dedicated cybersecurity team. And if you want to think of the big-picture costs, remember that 60 percent of small businesses fold within six months of a successful cyber attack.

Have A Solid Password Policy

Changing passwords regularly and trying to remember complicated passwords can be a pain for you and your staff, but it’s worth the effort. A solid password policy reduces the risk of data breaches and other incidents resulting from weak passwords.

Many hackers attempt to gain access to systems by using brute force automated tools that can guess hundreds of thousands of password combinations per minute. The more constraints you add to a password, the harder it becomes to crack.

At a minimum, require employees to use uppercase, lowercase, and numbers in their passwords. An even better tactic is to have a minimum length for passwords. In an interesting case study, it was found that an automated tool can crack an 8-character password in 3.75 days, but cracking a 28-character password would take 17 years. Asking people to remember 28 characters is probably not realistic, but the point is the longer the better.

Install Antivirus

As a ‘bare essentials’ cybersecurity best practice, you should install antivirus on all devices used in your small business. The scope of antivirus software should stretch to any BYOD laptops, tablets, and even smartphones that access your network, your data, and your key business applications. A reputable name within this space is Avast, but there are many vendors with cost-effective solutions.

Antivirus software won’t protect you from every type of attack but it provides a solid foundation to defend against:

• Malware
• Trojans
• Worms
• Adware

Regular antivirus scans can automatically find and delete suspicious files. Depending on the nature of your company and whether you collect sensitive data, you might want to consider more feature-rich premium solutions that cost a bit extra. In a cybersecurity landscape of constant threats, antivirus solutions provide peace of mind to small business owners.