What are the basic requirements for cybersecurity?

Ideally, no business only does the bare minimum for their cybersecurity. But it’s understandable that many small or medium businesses are limited by their budget. If this is the case for yours, you need basic cybersecurity measures that are effective yet affordable.

Here’s how you can ensure your business is protected and secure, without breaking the bank.

5 basic cybersecurity measures for businesses

Cybersecurity mustn’t slip under the radar for small businesses. 43% of all data breaches involve small businesses, with 60% of these businesses filing for bankruptcy within six months of an attack. 

Luckily, the cybersecurity landscape is full of many great solutions to secure your business, ranging in complexity and price depending on the levels of protection you need. And it can be helpful to go back to basics in tough economic times.

You can do this without sacrificing security by following the control areas of Cyber Essentials. We’ve outlined them, and what they mean for small businesses, in this blog.

Here are some examples of the basic cybersecurity measures that any small business can take to maintain a good level of protection against cyber threats:

1. Make your business internet connection secure

There’s always a risk to your business network and equipment when you have a broadband connection. Think about it – it’s always on – so there’s always a window of opportunity.

Luckily there’s no need to fret. Instead, ensure that you’re using a business broadband package. They’re more comprehensive compared to a home broadband package and include proactive security measures.

For example, many business broadband options are equipped with higher-grade security software. You should look for features such as a VPN, firewall, and the ability to filter content. With this functionality, you don’t need to spend more on additional solutions because your key security features are built in.

Need help finding the right cybersecurity accreditation for your business? Check out our guide.

2. Switch on secure settings for business devices

Business equipment and software often come with the manufacturer’s default settings. This is useful to set things up quickly. But did you know that it’s easy to ‘upgrade’ your devices to a more secure setting?

Secure settings provide a greater level of protection against security vulnerabilities. Simply check the settings of your business equipment and take a critical look at its features and services. For more explicit advice, the National Cyber Security Centre provides free, trusted security guidance for businesses across a wide range of platforms.

You can also implement measures like multi-factor authentication across devices as an additional level of security. Or set up a locking mechanism across devices that requires either biometric, password or PIN access.

3. Manage data access in your business

Check that only the right people have access to the data they need in your business. 

For example, only certain team members might need to access sensitive data, so they are the only ones that need permission. 

A ‘least privilege’ policy is the best method of managing data access in your business. It only allows users to have the minimum level of access or permissions needed to perform their jobs. This creates a safer environment for your data and reduces the risk of harmful, or accidental, actions. 

4. Protect against malware and viruses

Antivirus software is a basic cybersecurity measure for all businesses. It’s a type of software product that detects, quarantines, and blocks malware from running on your business devices. Malware means malicious programs that can impact your data, alter or hijack functions, or monitor end-user activity.

If your budget is tight, you don’t necessarily have to spend a lot of money on antivirus software. There are free and built-in anti-virus solutions for most popular business platforms. If you’re looking for something a little more robust, read our blog that highlights our top 10 antivirus products.

5. Keep software and devices up to date

Manufacturers release regular updates for software and equipment, such as new features or bug fixes.

The programs, software, devices, systems, and tools you use every day will require updating every now and then. And if you’re using an old version of them that isn’t up-to-date, it leaves your business open to vulnerabilities. Ironically, even outdated antivirus software could be exploited by bad actors.

Regularly patching your software and devices avoids these problems. Making sure every tool in your business is running the latest version helps you create a safer working environment. 

Always cover the basic cybersecurity principles

Implementing these basic cybersecurity measures is a simple, straightforward, and affordable method of keeping your business secure. 

And for small or medium businesses looking for extra security qualifications, these steps are part and parcel of qualifying for a Cyber Essentials certification – a government-backed qualification that proves to customers and partners that your business protects itself from cyberattacks.

Still unsure about what the ‘must haves’ are when it comes to your business’s cybersecurity? Then check out our guide to cybersecurity on a budget.

What is a zero-day attack?

Provided you’ve read any cybersecurity story in the media recently, you’ve probably come across the phrase ‘zero-day attack’ before. It’s often dropped into reports by journalists with little explanation of what it means or why you should worry about it. So, in the interest of clearing up some confusion, here’s everything you need to know. 

What does ‘zero-day’ mean?

Usually, software companies and developers will periodically fix flaws in their products. However, there are some rare instances where this doesn’t happen and a flaw goes unnoticed.

The term ‘zero-day’ refers to those security vulnerabilities that fall through the cracks. It’s neat shorthand for developers having only just discovered the flaw and having limited time (zero days) to fix it.

A zero-day attack happens when the bad guys get there first and hackers exploit the flaw before the developers discover it. 

How do zero-day attacks work? 

All software, no matter how robust initially, develops vulnerabilities over time. It could be that the software was built with vulnerabilities that weren’t anticipated at the time or it might be that a new cyber threat has emerged since it was created.

Whatever the reason, the fix is usually simple. Developers create a patch, release it in an update to users, and the vulnerability is dealt with. Think of it as being a bit like your mum fixing your school trousers after you fell over in the playground for the umpteenth time.

Unfortunately, this doesn’t always happen and hackers get there first. And, as long as the vulnerability goes undetected, cybercriminals can write and implement code to exploit it. This could allow them to steal confidential data, launch social engineering attacks, or even release malware onto users’ computers.

This can go on for as long as the vulnerability remains undetected; sometimes days or even months. What’s more, even when the flaw has been fixed and an update released, it may take some time before every user updates their device. After all, an update is only as good as the number of users who download it. 

How do you know when a zero-day attack has happened?

A zero-day attack is particularly dangerous because the only people who know about it are the cybercriminals themselves. This allows them to pick their moment, either attacking instantly or biding their time.

Because vulnerabilities come in many shapes and sizes, from problems with password security to broken algorithms, they can be very hard to detect. Often, a business won’t know there’s anything wrong until the vulnerability has been identified.

Nevertheless, there are some telltale signs. You might see sudden surges in unexpected traffic, odd behaviour from software you’re using, or suspicious scanning activity. 
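Two of the signs above, suspicious scanning and sudden traffic surges, can be checked against the connection logs from a firewall or router. The following is an added example, not part of the original post: the log format (`timestamp source-IP destination-port`), the thresholds and the function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

def build_sample_log():
    """Constructed sample lines in the assumed format: 'timestamp src_ip dst_port'."""
    lines = []
    for hour in range(9, 14):
        count = 40 if hour == 13 else 10      # hour 13 carries the surge
        for i in range(count):
            lines.append(f"2024-01-15T{hour:02d}:{i:02d}:00 198.51.100.10 443")
    for port in range(20, 32):                # one source probing 12 ports in a minute
        lines.append(f"2024-01-15T10:00:{port:02d} 203.0.113.7 {port}")
    return lines

def parse(lines):
    """Return (timestamp, source, port) tuples, skipping malformed lines."""
    events = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            events.append((datetime.fromisoformat(parts[0]), parts[1], int(parts[2])))
        except ValueError:
            continue
    return events

def find_scanners(events, window_minutes=5, min_ports=10):
    """Sources that touch at least min_ports distinct ports inside one time window."""
    seen = defaultdict(set)
    for ts, src, port in events:
        start = ts.replace(minute=ts.minute - ts.minute % window_minutes, second=0, microsecond=0)
        seen[(src, start)].add(port)
    return sorted({src for (src, _), ports in seen.items() if len(ports) >= min_ports})

def find_surges(events, factor=3):
    """Hours whose connection count exceeds factor x the median hourly count."""
    per_hour = defaultdict(int)
    for ts, _, _ in events:
        per_hour[ts.strftime("%Y-%m-%d %H:00")] += 1
    if not per_hour:
        return []
    baseline = median(per_hour.values())
    return sorted(hour for hour, n in per_hour.items() if n > factor * baseline)

if __name__ == "__main__":
    events = parse(build_sample_log())
    print("possible scanning from:", find_scanners(events))
    print("traffic surge in hours:", find_surges(events))
```

A hit from either check is a prompt to look closer, not proof of an attack; the thresholds need tuning to what is normal for your own network.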

Are there any famous examples?

Incidents involving zero-day vulnerabilities are more common than you might think. Only days ago (early Feb 2022), it was revealed that three critical flaws in the code for a WordPress plugin threatened 30,000 websites worldwide. Fortunately, on this occasion, WordPress appear to have got there before the bad guys, but there are plenty of examples when businesses weren’t so lucky.

Zoom, 2020

In this instance, hackers found a vulnerability in the popular video conferencing platform Zoom. It allowed cybercriminals to remotely take over the computer of anyone using Zoom and running an older version of Windows.

Microsoft Word, 2017

In a horribly alarming twist, this attack used a vulnerability in Microsoft Word to steal users’ banking login data. Users who opened seemingly normal Microsoft Word documents unwittingly installed malware on their device that was able to collect banking login credentials.

Apple iOS, 2020

Apple is generally famous for its impregnable security (remember the old myth that Apple Macs couldn’t get viruses?). However, in 2020, hackers did discover a vulnerability in its iOS mobile operating system. This flaw allowed cybercriminals to remotely access and control unlucky users’ iPhones.

What can you do to protect your business?

Update your software regularly

The easiest way to protect your business against zero-day attacks is to regularly patch your software and operating systems. It shouldn’t take you more than a couple of minutes each month. All it requires is that you check now and then for any new updates to tools and software you use. Or, if you want an even easier solution, simply turn on auto-updates in your device’s settings, and you won’t even have to think about it.

Use a firewall and anti-malware

Firewalls and anti-malware tools are the first line of defence for most cybersecurity threats, and zero-day attacks are no different. Good firewalls and anti-malware can thwart some zero-day attacks the minute they enter your system.

Limit the number of applications you use

Most businesses already do this to some extent; software costs money, after all. However, when it comes to protecting your business against zero-day threats, a simple maxim applies: the less software you have, the smaller the number of potential vulnerabilities. So try to use only the software and tools your business really needs.

Educate your team 

Most zero-day attacks capitalise on human error in some way. So educating your employees on good security practices and habits can help reduce the risk of a successful zero-day attack. For more on how to go about this, check out our blog on security training.

Protecting your business on a budget is tricky. Calling in the experts or investing in the latest tools is expensive. So what can you do? CyberSmart Active Protect secures your business around the clock with no need for costly consultants, tools or an in-house team. Try it today.

What’s the difference between antivirus and anti-malware?

Antivirus and anti-malware software is the most basic of basic building blocks for any SME’s cybersecurity strategy. It’s likely the first cybersecurity tool you ever heard about and it’s pretty rare to meet anyone who doesn’t use one.

But do you know what they actually protect you from? Or the difference between an antivirus and an anti-malware? And do you really need both?

Malware vs viruses

Before we discuss the merits of the two types of software, we need to tackle the difference between viruses and malware. If you’re anything like most of the population, you probably assumed that the two things are synonymous. Isn’t ‘virus’ just a slightly dated way to say ‘malware’?

Well, in a way, that’s almost correct. However, this is the world of cybersecurity so things are always a little more complicated than they first appear.

The term ‘virus’ describes a bit of malicious code that can reproduce itself over and over again – just like a biological virus. This code is designed to damage your device, whether by corrupting your system or destroying data. Viruses are also usually considered ‘legacy’ threats that have been around for a long time and are rarely used by today’s cybercriminals.

‘Malware’, on the other hand, is an umbrella term that refers to lots of different threats. These can range from ransomware to spyware and even some newer viruses (confusing, we know). The key difference is ‘novelty’. The threats that fall under the term malware are new, constantly evolving, and very much in use among modern cybercriminals.

It’s for this reason that antivirus software providers have been forced to up their game and protect customers from more than traditional viruses. 

What’s the difference between antivirus and anti-malware software?

So, now we know the difference between malware and viruses, let’s tackle the software. 

As you might expect, antivirus usually deals with older, more established cyber threats. To illustrate, think of the sort of stuff you were warned about in the noughties – endless error pop-ups, trojan horses and worm viruses. These attacks typically enter your business through tried and tested routes such as email attachments or even corrupted USBs. 

These cyber nasties are generally very predictable and easy to counter. However, they can still do plenty of damage if left unchecked. 

On the other hand, anti-malware software tends to focus on defending against the latest threats. A good anti-malware will protect your business against ransomware, spyware, sophisticated phishing attacks and zero-day attacks.  Anti-malware software will normally update its rules faster than an antivirus, making it the best protection against any new threats you might stumble upon while using the internet. 

Which should you choose? 

At this point, you might be wondering why you need an antivirus if anti-malware can protect your devices against the latest threats? 

Although this is a valid question, it’s a pretty risky way to approach cybersecurity. Sure, most of the threats covered by an antivirus might be dated and rarely used by the bad guys. However, that doesn’t mean they no longer exist or that they can’t still give you a major cybersecurity headache.

Doing without antivirus software is a bit like a state deciding to focus exclusively on protection from nuclear threats while neglecting the potential for invasion by land. It’s a flawed approach that leaves your business open to threats that shouldn’t pose too much of a problem in 2021. 

Instead, it’s better to take a layered approach to your cybersecurity. By this, we mean installing antivirus and anti-malware software to protect your business against threats new and old. 

Or, in simpler terms, it’s not a question of either/or. A truly effective cybersecurity strategy includes tools, training and measures to counter any threat. To find out more, download our guide to cybersecurity in a new era of work.
