Steps to protect small business from no-small cyberwoes

April 14, 2015

Security is a tough matter for small businesses for multiple reasons; startups and small entities tend to save on their IT wherever possible, and that’s where security failures are common. Up to 31% of all cyberattacks are directed at businesses with less than 250 employees. There are just a few important steps that any business should take to strengthen its security. Simple things should go first: identify what data are critical and should be protected as such, use the proper security solution, etc.

A few extra recommendations:

  1. Educate…

…yourself and your employees about cyberattacks, malware, phishing, malicious sites, etc. Most of the threats require a certain degree of “cooperation” from the end-users, and if they know how to counter this and how to avoid getting trapped, protection becomes much easier.

However, this must be a continuous process and the employees should be trained regularly, since situations with cyberthreats tend to be extremely volatile.

Take a look at this post about cybersecurity education.

  1. Use strong passwords and/or a password manager

There’s a joke making the rounds on the Web: “Bad guys have hacked my mail. How could they have guessed that I’ve set as my password the year of St. Dominic canonization?!”

And St. Dominic had been canonized in 1234.

On a serious note, in the list of “The 25 Most Popular Passwords of 2014“, “123456” and “password” still hold top positions, which makes the criminals’ life a bit too easy.

It’s one of the first rules of cybersecurity to use complex passwords which include both symbols and digits, and are NOT dictionary words.

A good password manager, such as the one shipped with Kaspersky Small Office Security, also simplifies the chore of memorizing dozens of passwords. All you need to remember is just one good combination.

…And don’t write the passwords on the sticky notes for all to see!

  1. Keep the most important data most safe

Even if your business is a small undertaking, as soon as it is viable, it has something – some information – that may draw interest from cybervillains. So it’s logical to assume that this information needs extra safeguarding.

First of all, some critical data should be kept “cold” – in an offline storage, while the entire infrastructure should be protected with a security solution, tailored specifically for smaller businesses.


What else can be done? Take a look at this presentation about the steps to protect businesses.