Cyber security 101: How to keep your business data safe

As if business owners don’t have enough to think about, the likelihood of a cyber incident continues to grow. According to the Hiscox Cyber Readiness Report 2023, the average U.S. business with fewer than 250 employees faced four cyber attacks in a 12-month period, up from three the prior year.  

There are multiple risks: a data breach, ransom demands, fraud, and more. Good cyber hygiene will go a long way toward protecting your data, which may be your business’s biggest asset. 

Here’s a step-by-step guide to the basics of cyber security for small businesses.  

1. Use multifactor authentication everywhere

Having to wait for a code to verify your identity before logging on to a website, especially one you use frequently, is annoying. But it’s a great way to thwart cyber criminals before they can get into your system.  

Here’s why: Even if you are careful about using strong passwords and changing them frequently, it’s likely at least one of your user name and password combinations is on the dark web. This allows threat actors to log into your account. But if you then have to enter a security code that’s been sent to your mobile device or email, that’s another hurdle to accessing your data. The hacker could run a program that tries various permutations of the code until they get it, but it’s more likely that they will just give up and move onto another account that’s not as well protected. Multifactor authentication works, and, while it can be inconvenient, it’s effective.  

2. Install a firewall

📌 According to the Cybersecurity & Infrastructure Security Agency, part of the U.S. Department of Homeland Security, a firewall “provides protection against outside cyber attackers by shielding your computer or network for malicious or unnecessary network traffic. Firewalls can also prevent malicious software from accessing a computer or network via the internet.  

There are hardware and software firewalls. Hardware firewalls, sometimes called network firewalls, are connected to your computer and to the internet, basically interrupting the direct connection in between. Your internet service provider may offer a router that includes a firewall. These devices are effective for networks that include multiple computers as they can stop nefarious activity from attempting to access the network. If you’re going to add a network firewall to your system, it’s best to have it installed by a professional.  

Software firewalls are included with most operating systems like Windows and Mac iOS. These systems can be used in conjunction with a hardware firewall, so be sure to enable them even if you also have a network firewall. Note that a software firewall, because it is located on the same system you’re trying to protect, can interfere with the software’s ability to detect malicious activity. You’ll also need to update the firewall on each computer if you have multiple machines.  

Which type of firewall is right for your business? This can depend on a few different factors, including the number of devices you’re trying to protect. An IT consultant can help you determine that right one for you, but the best firewall is the one that you will use and maintain to ensure that it is effective.  

3. Back up your data

Having a separate copy of your data on another device is the best way to get your business back up and running if your network experiences a cyber incident. You can back up your data in several different ways.  

You can use an external hard drive or a USB flash drive to back up your data. Be sure to back up regularly and store the device in a safe place.

You can back up your data to the cloud, using a number of commercially available options. Some of these products will continuously back up your data, while others require you to copy files or initiate a backup.  

Similar to a firewall, the best backup system for your business is the one that you will use correctly. If you keep your system backed up correctly, you only need to restore your data from the backup in the event of a cyber incident.  

4. Encrypt your data

Encrypting your data makes it essentially unreadable to others. Encryption software creates a sort of code that prevents an intruder from being able to access your data in a useful format.  

You can encrypt individual files or folders, you can save data into an encrypted container of sorts, or you can encrypt your entire hard drive. This last type, called full-disk or whole-disk encryption, is the most comprehensive and the most seamless to use. When logging on to your system, you’ll provide an encryption passcode which will unlock your files for use.  

5. Patch your software

A software patch is an update to a software program that fixes vulnerabilities, increases performance or corrects bugs. Software vendors may send notifications when patches become available, and you can get the patch from the vendor’s website.  

Software vendors may provide automatic updates if you request them. This is the best way to keep your software up to date and reduce your exposure to vulnerabilities, so if you have the option to receive automatic updates, take it.  

When downloading patches, make sure you are doing so from the software vendor’s website. Never click on a link in a message to download a patch. Type the company name into your browser and find the appropriate upgrade. And install upgrades while you’re connected to a secure network, like your home or office network – don’t use an open network in a coffee shop, for example.  

6. Train your staff – and yourself

Email is one of the greatest recent inventions when it comes to efficient communication in business. We rely on email every day to get work done. But it can also be risky, and email is a very popular way for threat actors to gain access to your system or to separate you from your money. Being able to recognize a fraudulent email is a critical skill that goes a long way toward keeping your data safe.  

Never click on a link or an attachment in the email without first verifying that the sender is who they say they are. Hover over the ‘from’ name until you see the email address and inspect it carefully. It’s difficult to tell the difference between a number ‘1’ and a lowercase ‘l,’ for example, and scammers understand this. If you have any doubts at all, email the sender – don’t reply, create a new message using the email address you have for them – and ask if the email is legitimate.  

📢 Related: A cyber security expert answers your ransomware questions  

Another common ploy that can be thwarted by paying careful attention is payment diversion fraud. This is when a bad actor tries to get you to send a payment to them instead of someone you typically pay. They may send you a message saying they changed the payment information or need an additional payment to a new account. In this case, contact the party that appears to be requesting the payment by another method and confirm the request.  

Responding to a cyber incident

Cyber crime is still lucrative, despite increased awareness and prevention techniques. So, it’s important to know what to do if an attack does occur, and how to mitigate the damage to your business.  

One of the most effective ways to do this is by purchasing stand-alone cyber security insurance for your business. In addition to covering the expenses associated with a data breach, ransomware attack, or other cyber incident, insurance coverage can include tools to help with prevention and access to expert assistance should an attack occur.  

With cyber security insurance from Hiscox, you will have access to training tools to help prevent an attack in the first place. In addition, if an incident does occur, you will immediately have access to a team of experts who will determine who is likely behind the attack, how the attack occurred (and whether it is ongoing), what data has been compromised, and what the best course of action is. You may also be covered for the costs associated with the attack, which can range from the cost of notifying affected parties and complying with regulations, to funds lost due to fraud, to ransom demands, and more.  

💡✍️ To find out if cyber security insurance is right for your business, and how much it will cost, get a quote today.