Cyber Best Practices for Small Businesses

Small businesses without full-time IT staff are often targeted by cybercriminals. While this can seem frightening, the good news is that by following cyber security best practices, we can stand tough against cybercrime.

What is cyber security?

Cyber security measures are put in place to protect computers, networks, and data from online threats. These collective measures include technical controls such as antivirus software and non-technical measures such as training and education.

What is NOT a way to secure a small business against cyber attacks?

There is no silver bullet or "fix-all" solution to protect your business against cyber attacks. Keeping your systems up to date, using strong passwords and creating regular backups are all great steps to reduce your risk of a cyber attack.

Goals of cyber security

The goal of cyber security is to enable businesses to adopt digital technologies in a safe and secure way. Depending on your priorities, the following principles may apply.
Confidentiality refers to protecting the secrecy of information and systems. It is common for data to be categorized according to the amount and type of damage that could be done if it fell into the wrong hands. More or less stringent measures can then be implemented according to those categories.
Integrity refers to the measures taken to protect information from unauthorized alteration. These measures provide assurance in the accuracy and completeness of data. The need to protect information includes both data that is stored on systems and data that is transmitted between systems, such as email.
Availability refers to ensuring that authorized users have access to information and systems when they need them. This means protecting against attacks that can disrupt access or make information and systems unavailable. It also involves properly maintaining the hardware, technical infrastructure and systems that hold and display the information.

What is Multi-Factor Authentication?

Multi-Factor Authentication (MFA) is an authentication method that requires more than one verification factor to validate a user's identity by using something they have, know, or are.
Something you know: This type of authentication factor requires the user to provide something that only they know, such as a password or a PIN. This is the most common type of authentication factor and is often used as the first layer of protection.
Something you have: This type of authentication factor requires the user to have possession of something, such as a security token or a smartphone. This type of authentication factor can be used to provide an additional layer of security and can be especially useful for protecting against unauthorized access when the user is not physically present.
Something you are: This type of authentication factor is based on the user's physical characteristics, such as their fingerprint, face, or voice. This type of authentication factor can be used to provide an additional layer of security and can be especially useful for protecting against unauthorized access when the user is not physically present.

What is an example of Multi-Factor Authentication?

One-time passwords can be generated and sent to the user's cellular device via SMS. The correct user must be in possession of the device that receives or generates the one-time password to access the system.

Which of the following is NOT a type of cyber threat small businesses might face?

Whilst physical threats are real dangers to businesses, they are less common than cyber threats facing businesses, such as phishing scams, malware, and unsecured networks.

Education is key when securing your business from cyber attacks.

Employees can be the first and last line of defense against cyber threats. It's important to make sure you know about the threats you could face and the role you play in keeping the business safe.
Cyber awareness involves being mindful of cybersecurity in day-to-day situations. Be aware of the dangers of browsing the web, be aware of email scams, and remain cautious when downloading files and clicking on links. Think before you act.
Cybersecurity education is important because it helps individuals understand how to protect themselves while browsing the internet and become experts at spotting the phish. Armed with this knowledge, you can become a barrier of defense for your company against potential threats.
It is important to have clear policies in place that outline the acceptable use of company resources. An example of a policy is which app you use to communicate within your organization. That way, if someone messages you on a different app, your guard will already be up. This policy would make it easier to spot the phish or detect the scam.

Is the following statement True or False:
It is my company's responsibility to make sure I don't receive or click on suspicious emails.

Whilst your company may use advanced technical methods to try to detect and stop suspicious emails, the reality is that some will get through. It is your responsibility to call on your training and use caution when a suspicious email comes your way.

Learn how to spot the phish

Look out for urgency in email subjects, fraudulent sender addresses or requests to perform an action.

What can I do as an individual to do my bit to secure my employer?

Whilst all of the options may be good ideas, learning to spot phishing emails and reporting them to your IT team is how you can help your employer. By doing this, you are part of the defense against threats.

Protecting your company from cyber criminals is a team effort.

We each need to do our bit to ensure we're following cyber security best practices and reduce the risk of a successful cyber attack!