“Cybersecurity is only for big companies.”

“We have nothing to hide/nothing valuable. Why would anyone attack us?”

“This security thing is too expensive for us.”

These are just a few of the most common responses I hear when I talk to small businesses about the risks of online life.

No matter the size, small or large, all businesses have customers, the data of these customers and some sort of IP that makes the business unique. How would you feel if all your client information was listed on the internet? How would your reputation hold up if someone started spamming your clients, impersonating you, so your clients would think the spam is from you?

Most attacks are simply about the opportunity and are usually carried out by bots (programs), not by humans. If you are a target easy enough, they will give it a go. They have nothing to lose after all, but if they get in…

Before we move on, let’s play a game. How many areas that should be protected/dealt with can you name? Pause here and have a think.

Do you have your list?

Let’s see how you did

1. Endpoint protection

Why the fancy name for the antivirus? Because that just doesn’t fit anymore. An endpoint can be your phone or tablet, not just your computer. Yes, your phone should be protected as well. Usually, a phone has access to more data than a computer.

A good quality endpoint protection does way more than just checking code on execution. Protects the browser, your browser data, emails and many more. Here the “you get what you pay for” is very accurate. Good protection needs a lot of R&D that requires a lot of resources. Cheap tools cannot do that great job here and, as a result, won’t protect you as well. Nope, the antivirus built into Windows (Defender) is not good enough.

2. Patching

Many attacks rely on vulnerabilities. What’s the most effective way of protection? Apply the patches that, well, patch these vulnerabilities. No, I don’t mean just Windows. I mean everything that touches your network. Your apps, your mobiles, your network devices, your modem, your printer, your website, …

3. Backup

Your data is your most valuable asset in your business. Period. What would happen if all the data from your business was gone from one day to another? I mean all of it, even the bits you (think) you remember. Things can go wrong is many ways. Hardware failure, human mistake, malicious act (internal or external) and so on. More on this topic in another article from me.

4. Passwords

Believe it or not, ‘password’ is still one of the most common passwords. The second one in 2022, to be specific. “I don’t do that” I hear you saying. On how many sites do you use the same password? After poor quality passwords, reusing the same one is the second worst problem. Save yourself the trouble of remembering (and reusing them) and use a password manager.

5. Email protection

“Send me moneyz” asked the wealthy and distant relative from Nigeria. Yes, 25 years later, this attack is still working, and people still fall for it. Phishing, malicious attachments, “super deals” that lead to dodgy websites and so on. A secure email gateway can catch all of these and do a lot more for you.

6. Data encryption

Let’s assume your computer (and all the data it stores) gets into unwanted hands. “It’s protected by my password. They won’t get to my files” you might say. Well, your password might slow them down to fire up your computer indeed, but that’s not the way. Just plug that drive into another computer, and voila, there is your data. When you encrypt the data, without the key, the other computer will see only gibberish but nothing useful.

7. You, the user

No tool is perfect, and no tool catches everything. Your common sense is still one of the most effective tools. If a deal is too good to be true, most likely it is. If this is one of the best tools, then why not rely just on this? Because this is the last line, and it fails you very easily. You might be tired, or not 100% focused and there you have the trouble. I successfully phised very skilled CTOs with a simple free Pizza Hut pizza coupon around lunch time (within training, not for malicious purposes).

8. Support

What do you do when the trouble hits? Do you run around and Google things like crazy or do you have a reliable support you can lean on at any time? If you have only random information, do you have the time and focus to vet and validate the ideas?

In an attack, you will lose your calm because you are not familiar with the situation. You need someone who does. Being calm and focused is key to act quickly and efficiently.

This is by no means a comprehensive list but it gives you a good idea of the level of complexity and where to start. Just like insurance, it is cheaper to prevent/protect than to deal with the damage.