Cyber security best practices for small business owners

A single cyber attack can disrupt your business, threaten the protection of data and personal information, harm your business’s reputation and cost your business money. Here are a few non-exhaustive, simple and practical cyber security tips to help your business protect data, preserve personal information and decrease cyber-related threats.

Cyber security awareness, education and training

Cyber security awareness, education and training helps your employees understand the risks involved when proper cyber security measures are not implemented or taken seriously. Provide privacy and security training that educates your employees on detecting and responding to cyber security incidents.¹

Protect your devices against cyber threats like viruses and malware

To help protect devices from cybercrime threats, consider using anti-virus and anti-malware software on your computers and ensure that all software installed on your business’s network is updated regularly. You may also set the software to automatically install updates on all company devices and computers as they become available.

Back up data for enhanced privacy and security

Whether your business stores information on a cloud service, on-premises, or in a hybrid data center, back up all files to external hard drives that are not connected to the Internet. This can reduce the likelihood of future cyber security incidents and minimize the risk of malware destroying both business and personal data.²

Create strong passwords

Require that your employees create strong passwords, such as a phrase containing random words, letters, numbers and symbols. A strong password makes it more difficult for cyber criminals to hack into computers and steal sensitive and personal information. Remind employees that their work passwords on their computers and online platforms must be unique and changed periodically to help ensure constant cyber security and privacy protection.

Secure Wi-Fi networks

Ensure the password on your organization’s wi-fi network is changed from the service provider’s default and follows the same strong password guidelines as above. Secure your online network from cybercrime threats by providing visitors to your business who need to use the internet with access to a guest network. This cyber strategy adds an extra layer of privacy and cyber security by preventing said visitors from accessing your employee network and private or personal information. A virtual private network (VPN) can also provide your employees with secure internet access to your company network securely from their devices.

Secure your payment systems

Choose a bank or processor who uses the most trusted security tools and anti-fraud services. Consider keeping your payment systems isolated from other systems or platforms to avoid the malicious threat of cybersecurity breaches.

Provide firewall security for your internet connection

A firewall is a set of related cyber security programs that prevent outsiders from accessing data on your private network.³ Ensure your operating system’s firewall is enabled and properly configured in order to minimize cybercrime threats. If employees work remotely, encourage them to check that their internet systems maintain a high level of cyber security and are also protected by a firewall. To learn more about home network security for remote employees, visit www.getcybersafe.gc.ca.

Control access to computers and devices

Control physical access to your computers and devices by creating a user account for each employee.⁴ Ensure that mobile devices and laptops are locked and protected by strong passwords when unattended. To ensure privacy and protect data, administrative privileges should only be given to trusted IT staff and key personnel.

To learn more about how you can protect your business from cybercrime and cyber attacks visit aviva.ca/business-cyber or talk to your insurance broker to learn more.


 

Sources:

¹ https://www.cyber.gc.ca/en/provide-employee-awareness-training

² https://www.cyber.gc.ca/en/back-and-encrypt-data

³ https://www.cira.ca/blog/cybersecurity/canadian-center-cyber-security-recommends-a-dns-firewall-small-and-medium

⁴ https://www.cyber.gc.ca/en/implement-access-control-and-authorization