A cybersecurity guide for small, low-tech companies

Why your business could fall victim to cybercrime and how to prevent it


Why is there a problem?

Why should I worry about cyber security? My business is small and almost non-tech.

Regardless of the size or industry of your business, you are always at risk of being targeted by cybercriminals. While it is historically true that small businesses are not typically targeted for their money or data, they can still become victims of cyber attacks. In fact, many small businesses are targeted as part of a supply chain attack, in which the attackers aim to gain access to a larger, more lucrative target through a small business that has a trusted relationship with that target.

Imagine you are designing brochures for, say, a bank. That means the bank’s personnel already know you and would trust you more than a complete stranger. So people in the bank’s marketing department would probably be less careful about opening files and e-mails from you. What would happen if someone else sent these e-mails from your real address?

Suppose you are a baker who delivers your products to the local office building from time to time. In this case, someone who pretends to work for you would get less attention from the security guard and would therefore have a better chance of accessing restricted areas in the building or using some hacking hardware.

And what if you are an accountant who logs in to the client’s internal website to read some financial updates? What would happen if someone else used your credentials to log in to that website and caused a data leak or gained further access to the client’s systems?

Attacks on suppliers are a real and growing threat. But even if your business does not work with larger companies, you may still become a victim of cyberattacks. Your internet connection and internet-connected assets, such as your website and social media accounts, and even the smart devices or security cameras you use, can be used by attackers to hide their attacks on other businesses. This is the second most common reason why small businesses are targeted by cybercriminals.

Therefore, it is important for all businesses, regardless of size or industry, to prioritize cybersecurity and protect themselves against potential threats.

Answer the following questions:

  • Do you have any business assets connected to the internet at your business location? Are any of your connected assets known to be owned by your business?
  • Do you have a publicly known business e-mail address?
  • Are you known to work with large companies?
  • Do you have a website or well-developed social networking accounts?
  • Are you known to be trusted with secrets and highly sensitive information? For example, as an accountant, a financial adviser, an architect, or a private doctor?

Every “yes” to any of these questions increases your chances of becoming a victim of cybercrime. And if you have said “yes” at least twice, you should seriously consider taking precautions.


What to do?

So what should you do to mitigate this risk? Observe cyber-security and cyber-social hygiene.

  • Keep software and operating systems up-to-date with the latest security patches and updates. This also applies to the assets you use, such as printers, cameras, mobile apps, and smart devices.
  • Use strong, unique passwords for all accounts, and try to change those passwords regularly. Consider using well-known, preferably offline, password managers.
  • Regularly copy important data and store it offline or seek professional help regarding backup processes. It will protect your entire business not only from security threats but also from equipment failures.
  • Seek professional help if you have to deal with firewalls, networks, and websites but implementing them is not your area of expertise.
  • Train your employees to recognize and avoid common cyber security threats, which include calls or emails in which someone asks for private information about your business, such as your assets, clients, or how your business operates. Train yourself on these threats too. Consider seeking professional help for phishing and social engineering awareness training.

In addition to protecting your business from potential cyber attacks, you should also take care of your online presence. This is known as practicing good cyber social hygiene.

  • Keep personal information (such as date of birth, address or phone number) as private as possible and do not share it with strangers online.
  • Use strong, unique passwords (I know, but it’s really important) for all online accounts and enable multi-factor authentication where possible.
  • Be careful about posting information about your clients, work you have done or details about projects, especially if you don’t have many clients.
  • Don’t put information even into social media account descriptions, messages and forms unless you are absolutely sure it is necessary and secure. Think about everything you don’t want complete strangers to know about you.
  • Be careful with business and personal celebrations. Dates, numbers, and locations are probably not things everyone needs to know.
  • Be mindful of the information you post online, and consider the possible consequences of sharing it.

These may seem like difficult rules to follow, but in practice these recommendations rest on the same practices you probably already follow when running a business in the non-digital world.

Stay vigilant.

If you are keen to learn more, check this link too: ready.gov: Protect Yourself Against Cyberattacks