SMEs & CyberCrime- 5 simple things an SME can do to stay secure

Business can be challenging: suppliers, customers, logistics and finance – all need the business owner’s attention, possibly daily. Cybersecurity also needs your attention, but if you plan and implement a well thought-out strategy, it needn’t disrupt the working day, whilst keeping your company safe from the growing threat of CyberCrime.

We live in a digital world where the number of automated hacking attacks on the internet, or bots, outnumber people online. It’s a stark reminder that CyberCrime is growing, and you need to be vigilant to ensure it’s not your business that pays.

Email & Virus

The single biggest threat to your company will come in the digital-post – email.

Phishing emails that try to get you to enter sensitive personal or finance details or emails that bring infected and malicious files with it plague businesses everyday. You should enable any built in security and firewall settings available in the operating system of your computers and consider installing Anti-Virus software from reputable companies and if you have a larger office, you could consider installing a hardware firewall for dedicated network protection.

Employees should know that they should never click on links or save attachments from unsolicited emails, no matter how convincing the email address or message content looks. Most large email providers filter out much of the spam or dangerous email, but as new threats emerge there should be a responsibility on the individual employee to be vigilant.

Up-to-date Software

Regardless of what software operating system you are running, Windows, Mac OS or another, you should ensure that updates are downloaded and installed. Many software updates can be automatically downloaded when available by enabling ‘Auto-Update’ and for operating systems you should make sure employees do this.

Applications like Office from Microsoft or browser plug-ins like Adobe’s Flash will often request the users’ permission to download and update, and you can eliminate emerging or newly identified threats by making sure operating systems and applications are up to date.

Employees might grumble that their PC slows down or prevents them from getting on with work at hand while it’s updating, so for non-critical updates, maybe schedule regular updates for Friday evening if everyone’s going home early, but critical or security updates should be installed when they become available

Two-Factor Authentication

If you use an email service from the leading tech companies like Google and Microsoft, you may have noticed an option to ‘Enable Two-Factor’. This is a simple process, but makes using the service far more secure. It’s easy to enable it on your email account and then the service provider will send you an SMS text with a code you enter as a second means of identity, in addition to your password. Social Media sites also use it, as do banks and other financial organisations. If there’s an option to enable two-factor for any of the services your business use, do it.


It’s crucial that the passwords you use at work are up to the job or keeping the account they’re attached to safe. Short passwords, passwords that include an employee’s name or common passwords, should always be avoided. Eight character passwords with a combination of numbers, upper-case and lower-case numbers and some symbols should be used as a minimum, but ideally passwords should be twelve characters or more in length.

Make your password policy such that it means employees are responsible for creating their own, strong passwords and the policy should stipulate that passwords should be changed regularly, and never reused across different services; one password for the bank, one for payroll, one for email and so on.


One of the greatest threats to businesses is when data leaves the office. This happens practically every day when you leave the office with a mobile phone, a laptop or perhaps a USB key with a saved presentation.

Laptops should always be protected with a strong password at start-up, and many of them have built in encryption tools, ensuring that the data cannot be accessed even if the laptop is dissembled.

Mobile-phones and tablets should also be protected by a strong password and you should consider installing Mobile Device Management (MDM) software if you have sensitive data on your mobile-phones.

In large companies, USB drives can be a thorn in the side for IT Managers, and many staff often don’t have the security privileges to insert and save to a an external USB drive. If you do carry data on a USB drive yourself or allow employees to bring sensitive documents out of the building, consider using encrypted drives like the Kingston range that has a small keypad on the drive to unlock it.

First published at

Related Posts
Read More

FBI issue ISIS WordPress Plug-In warning

The FBI today, issued a warning to WordPress users about their Content Management Systems (CMS), as they could be at risk from ISIS supporters intent on making public statements by defacing websites using one of the world's most popular publishing platforms. Continuous Web site defacements are being perpetrated by individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS).
Read More

The Cost of CyberCrime and Insuring Against It

The impact of a cyber-breach on a small business could be catastrophic and the cost mightn’t just be financial. Reputation and operations could all threatened if a business is the victim of CyberCrime, but insurers may provide some peace of mind with the more widespread availability of Cyber Insurance policies.
Read More

CyberCrime & The Internet of Things

Connected devices will bring efficiencies and automation to our lives, but as we connect more and more devices, we are creating the opportunity for data to leak out, and nefarious hackers, to creep in.
Read More

CyberCrime: How Businesses Are Under Threat

From Ransomware and Virus infection to the theft of your banking or customer data, who is trying to hack you and why? And if you know the who and why, you’ll be better prepared to stop them.