How to protect your small business from cyberattacks

But even the ones that have managed to keep their doors open and who are preparing for a semblance of normal operating conditions for the rest of the year and into 2022, there is another issue to keep in mind: the rise of cyberattacks targeting entrepreneurs and smaller companies.

In line with #CyberMonday today, 29 November 2021, Kaspersky shares insights and advice for entrepreneurs and small, medium and micro enterprises (SMMEs) on keeping staff, the business and its data safe in a digitally-driven environment.

Protecting the cloud

First and foremost, there is no getting around the fact that remote working will be here to stay. This means small companies have come to rely on the cloud to provide employees with access to data, applications, and other things critical for them to accomplish their daily duties. But in the rush to go the cloud route, security must not be neglected.

This is especially the case if a small business only has cybersecurity solutions in place that are designed for traditional office networks. These may no longer be relevant in the migration to the cloud. Entrepreneurs and SMMEs must therefore take a closer look at what their protection requirements are based on the infrastructure they are using.

In basic terms, this means the business must look at tools that provide complex threat detection across any cloud environment, whether they are making use of private, public, hybrid or multi-cloud environments.

Safeguarding employees

We also recommend the following actions to help keep remote employees safe from cyberattacks:

• Open and honest communication. Employees seek cues from their managers on how to react to crisis situations. Organise Ask Me Anything sessions with the company’s top management so that they can talk to employees about how the business will continue working in the new circumstances.
• Run surveys to understand the emotional state of employees, their workload, if they have everything they need for remote working, and if they have clarity on the business processes. This gives a better understanding about specific circumstances people are in today and helps to make more balanced decisions.
• Help employees manage information overload and the feeling of being overwhelmed at this uncertain time. Keep teams informed of the facts and current situation, as well as on how to stay safe and healthy – on and offline.
• Create HR and IT online communication channels so that everyone can easily solve their issues. Provide guidance for all employees on how to enable remote working and use certain software. It can be done through webinars or group calls.
• Educate employees, continuously, about sound security practices when working remotely, including how to avoid becoming a victim of email or web phishing, or how to manage accounts and passwords.

Security on a budget

Of course, budgets are tight perhaps more so now than ever before. But effective cybersecurity protection does not have to cost an arm or leg. In fact, SMMEs and SMBs can spend a whole lot less on security, while still ensuring safe working conditions of employees, just by following these tips:

• Check free guidelines on spending less on IT, communicating with customers securely, working with freelancers and many more in Kaspersky Cybersecurity On a Budget platform. It only takes a few minutes to read and is easy to implement.
• When processes are in place, educate employees to use basic security practices for remote work, such as avoiding becoming a victim of email or web phishing or how to manage accounts and passwords. Kaspersky and Area9 Lyceum have created a free course to help staff work safely from home.
• There are various security products that ensure safe use of cloud services – messengers, social media, and collaboration tools. Kaspersky Endpoint Security Cloud is one of them.

Reshaping working processes has become a crucial task for many business owners and executives to save jobs and maintain operations.

Fortunately, there are many easy-to-manage services available, including free ones so they can do this even if they do not have a dedicated IT administrator or additional budget. And when it comes to safeguarding staff, the business and its data in the digital environment there are two critical principles: firstly, people must become the first line of defense for the business.

This means ensuring all digital tools are used safely and that employees are continually informed and educated on security awareness and best practices.

Secondly, is that cybersecurity is not a once off or shotgun approach. It requires the entrepreneur or business leadership to continually review whether what is in place is sufficient for the priorities of the business.

To read more on how small businesses got through 2020-2021, please read our report here.