SME Cybersecurity: 8 Simple Tips to protect your company

The year is 2019, and we now have a series of companies popping up on the daily. These companies, like any other, aim to solve unique consumer problems while also turning a profit. That said, one of the things they fail to consider is how strong their cybersecurity profile is.

In the US alone, about 47% of small businesses have suffered cyber-attacks of one form or the other. Even more alarming is the fact that many of them did not recover.

If you are also a small business owner, here are some important tips for better cyber protection.

1. Identify Risks

You cannot properly protect something if you didn’t know it was a risk in the first place, or how much of a risk it might be.

On the first hand, identify your key assets within the institution.

What are the trade secrets, internal business ingredients, financial details and such other sensitive documents that should never see the black market? Once you have an idea of what these are, you should get onto the best modes of protecting them.

Thus, you can make better decisions about what to keep in cloud storage, which can be shared via mail, etc.

2. Set User Permissions

One of the biggest mistakes small companies make is giving everyone access to everything. Of course, this could show that you trust all the employees with information and data flow – but that also means you are making each and every one of them a target.

While information should be properly disseminated, not everyone should be privy to every piece of information.

For example, the office interns have no business with the database of users that the business serves. Likewise, people from accounting should not even know what the password hashes look like.

That way, you can easily know where a breach is from – the region of those who have access – and contain it best. That is if a breach ever happens at all.

3. Train Employees

Even if you had the tightest cybersecurity protocols in place, it takes a single human error to undo all the good you have done. Therefore, it becomes important to invest in quality cybersecurity training for everyone on your payroll who would be handling sensitive data of any kind.

By extension, the training should be extended to members of staff who are not handling any key piece of info too.

They might not look like potential targets, but hackers could use them as a means to an end. After all, hacking their computers could be the gateway into your servers from where just about anything can be done.

4. Update! Update!! Update!!!

Your company will have certain software it relies on. When updates for these programs roll out, your IT team should ensure everyone gets it ASAP. The same can be said for system-level updates and upgrades too.

Sometimes, these updates come with aesthetic improvements to the program/ system. More often than not, though, they will be shipping with bug fixes, patches for vulnerability and updated security definitions.

Those are the things you never want to miss out on, lest you fall victim to a patched fault.

5. Improve password habits

Everyone wants to create a password they can easily remember when they are logging into their accounts. In the same vein, many will use the same password for multiple accounts so as to improve their chances of remembering their login details.

Nothing could be poorer than those.

Employees should be encouraged to set unique, complex passwords for each and every account they own. Since that can become something of a hassle, solutions like LastPass come with a password generator to handle such cases.

Best believe any password this generator returns will take the best hackers several years to get through.

Remembering the passwords is another issue on its own. To get around that, LastPass also provides a password management and storage feature. With its sync feature, employees can always access their important passwords on the go without having to dial down on complexity and security.

6. Trust your hardware

Always purchase hardware from trusted suppliers. No matter what deal you are getting from that new guy in town, you would most likely be paying for it in another way. Woe betides the business if the currency is ‘data’ – yours!

Fortunately, OEMs are also understanding the place of improved security for consumers. That is why manufacturers like HP have gone the extra mile in adding LastPass (discussed above) and ExpressVPN to its new units.

With a Windows VPN and password management service on board, online security is beefed up better than before.

7. Back up your files

A good plan against cyber-attacks is not just one that fortifies the company against anything going wrong but prepares it in case the worst happens too.

To embrace the latter case if it ever presents itself, keeping a backup file of every piece of important data becomes important.

It is advisable to have two different forms of backup – both online and offline. That way, even in the most serious of attacks, the systems can be wiped and restarted with the last backup.

8 Respect, and Fear, IoT

New generation companies are getting it right out of the box, scaling effectively and delegating tasks with great acumen. With technology on their side, they get to automate a lot of the business processes, providing for a seamless workflow and reduced time of execution.

Since the Internet of Things (IoT) being at the heart of many of such practices, it should also be noted that they could be the biggest Achilles heel a company could ever have.

Any company working with IoT needs to know that a lot of these devices are inherently flawed. However, proper management is all that’s needed to keep them in order.

By ‘proper management,’ we mean isolating units on different networks, setting strong passwords for these devices, updating their software regularly and of course, encrypting the network connections they will be run on.


Any small to medium-sized business can base its cybersecurity blueprint on the above steps.

Furthermore, we recommend bringing in a security expert to do a complete status audit for your business. That way, you have a sure knowledge of where you stand whenever hackers are coming your way.

Images from