How do I protect my small business from cyber attacks

BlackStone Associates

05 January 2019

Although organisations of all sizes are targeted by cyber criminals, small-medium-enteprises (SMEs) have become the preferred target. Part of the issues SMEs face is the lack of resources & depth of expertise. They simply do not have the time, money, or dedicated staff to stay ahead of these attacks.

  • Home
  • Articles
  • How do I protect my small business from cyber attacks

How do I protect my small business from cyber attacks


Whilst it can be daunting to stay on top of your cyber security needs to protect your intellectual property and minimise the frequency of data breaches. The other part of the issue is perception.

Most SMEs don't see themselves as being at the risk level as their enterprise counterparts because they believe their data isn't as valuable, although they can also be a foothold for attackers to gain access up the supply chain of larger organisations.

According to the latest research (Hiscox, Department for Digital, Culture, Media and Sport):

- Around a third (32%) of businesses report having cyber security breaches or attacks in the last 12 months.
- In 30% of cases, this resulted in a negative outcome, such as a loss of data or assets.
- More than 60% of firms having reported one or more attacks - up from 45% in 2018.
- The percentage of firms scoring top marks on cyber security had fallen, with UK organisations doing particularly badly.
- Only 27% (under three in ten) of businesses have a formal cyber security policy or policies.

It's necessary SMEs take their security priorities seriously, and they get back to some of the basics of cyber security.

1. Lockdown administrative access

One advantage SMEs have is the relatively small amount of priviledged accounts they need to manage and audit. Make it part of your weekly routine to look who has admin priviledges and shut down access to anyone who shouldn't have full permissions to these accounts.

2. Don't overlook cloud security

If you're like most SMEs, you're probably already running an element of your business from the cloud, whether you're using software-as-a-service, cloud infrastructure environment, VOIP telephony, or more. However, as an SME, you need to make sure you are implementing the correct and proper controls and configurations, and have visibility into the accounts to mitigate the potential of account takeovers.

3. Identify your weak points

Take the lead and identify the things you can't do, either due to time or resources. Some items for the "can't do" list could include things like penetration testing, risk assessments, security operations centre (SOC), forensics and large scale incident response.

This may mean partnering with a trusted managed services provider like BlackStone Associates, who provide a wide array of cybersecurity solutions for SMEs.

4. Focus - establish a scaled down, flexible incident response plan

Having an 80-page incident response plan that no one reads isn't feasible for a SME. Keep your incident response plan nimble by only including a few sections and a notification chain. However, it is imperative you keep this updated on a regular basis - at least annually.

5. Establish a backup strategy - Communicate it. Test it.

Regular backups are vital insurance against a data-loss catastrophe. Developing a solid backup plan requires an investment of time and money, but the cost is far less than the burdensome task of recreating data for which no backup exists. Develop a written backup plan that tells you the what, where, how, who and when of your backups.

Think beyond just your office and its computers and perform regular tests by restoring a few files to a different computer at a different location so you can test your plan before you actually need it.

6. Ensure your systems are kept patched with the latest updates

Squasing vulnerabilities is like being a participant on Wipeout. You feel outnumbered, outmatched and exhausted. One of the most important aspects of patch management is staying on top of the next patch. You should have this in your calendar as part of your weekly or monthly "maintenance" checklist. Pay attention to notification from the vendors so your systems stay up to date.

7. Lock down VPN access

With a smaller number of users, you need to keep track of who's logging in via the VPN and only enable the service to those with a need. Make sure that as employees are hired or leave that you update their access accordingly and include this as part of new user set up or off-boarding checklist.

8. Establish, update and communicate your password policy

With a small IT team, the last thing you need them to be doing is password resets for staff who have locked themselves out of their systems. A little training will go a long way, so update, communciate and teach your staff to create a long unique password phrase that they'll remember, and establish a technical control for a longer period. Password managers can also be helpful for setting up unique passwords.

9. Assess and tighten your inbound and outbound traffic

Depending on your industry, it could be difficult to monitor all inbound and outbound connections for SME staff. However, with a smaller pool of users, it can be easier to lock down your traffic. Do you use SSH, FTP? If not, lock down those inbound/outbund services. Having a smaller pool of users will mean your operational needs are most likely to be condensed, therefor limiting your attack surface.

10. Malware, DDoS attacks and phishing protection

Are your systems protected from malware to prevent the download of infected files or installation of suspicious software? Make sure there is a malware policy in place to ensure up to date malware protection and that it cannot be bypassed by users. with a smaller pool of users, it can be easier to lock down your traffic. Do you use SSH, FTP? If not, lock down those inbound/outbund services. Having a smaller pool of users will mean your operational needs are most likely to be condensed, therefor limiting your attack surface.





Next: IT considerations when moving offices
What we can offer

BlackStone Associates provides valuable Technology advice for Small and Medium Businesses without binding, long-term contracts. We also provide cost-effective Cyber Security Advisory, IT Assessments, Call Audits and comprehensive IT Support Services so you can avoid unnecessary expenses.

With offices in Windsor, just outside of London, our team of experienced IT Support specialists and IT industry consultants take the time to understand more about your business and your goals, enabling us to best advise around the use of technology.

If you would like to find out more about our Project Management and Advisory Services, or how our IT support services can protect and grow your business, click here to book your free consultation call or call us on 01753 369 050.

About BlackStone Associates

Established in 2014, BlackStone Associates is a leading provider of IT solutions and critical IT Support in Berkshire, Buckinghamshire, Middlesex, Surrey & London. Offering a complete portfolio of innovative and robust IT services that enable businesses, of all sizes and sectors, to create modern-age, digital workspaces, that are designed to scale and support the current and future demands of its workforce.

Ready to discover more?

We're here to help. Take the first step to getting expert advice.