Cybersecurity for Small Businesses: Your Step-by-Step Guide to Staying Safe


Note: This blog post is an extract from my presentation at a workshop organized for Small and Medium Business Owners in Abuja.

Hello, business owners! In today’s digital age, keeping your business safe from cyber threats is crucial. Cybercriminals are becoming more sophisticated, and small to medium-sized businesses (SMEs) are increasingly targeted.

This guide will equip you with the knowledge and tools to keep your business safe from online threats. By the end of this presentation, you’ll know how to:

  1. Identify what you have that’s valuable to cybercriminals.
  2. Protect your valuable data and accounts.
  3. Detect a breach.
  4. Respond to an incident efficiently.
  5. Recover from a breach.
  6. Utilize a technology checklist tailored for small businesses.

Let’s dive in!

1. Identify What You Have That Is Valuable to Cybercriminals

Have you heard of the “dark web”? To learn why businesses are a target of hackers, we need to understand it. The dark web is much like a freelance marketplace where stolen data from businesses like yours is bought and sold. Your business and personal accounts hold data that is valuable to criminals. Criminals can also buy malware or computer viruses at this underworld marketplace. The criminals on the dark web are not just in the business of selling data; they also offer services. One can hire a hacker to steal a password, send ransomware, or take down a website with a distributed denial-of-service attack.

Here are some key areas to consider:

  • Customer Data: This includes personally identifiable information (PII), credit card numbers, and contact details.
  • Intellectual Property: Think about your proprietary business information, trade secrets, and any unique processes or formulas.
  • Business Financial Data: Your bank account details, financial records, and transaction histories are all valuable.
  • Employee Information: Social security numbers, health records, and other personal data of your employees.

Make a list of these assets and classify them based on their sensitivity. This helps prioritize your protection efforts.

2. Protect Valuable Data and Accounts

Once you’ve identified what’s valuable, it’s time to protect it. Here are some best practices:

  • Strong, Unique Passwords: Use complex passwords and change them regularly. Consider a password manager to keep track.
  • Multi-Factor Authentication (MFA): Add an extra layer of security to your accounts by requiring a second form of identification.
  • Data Encryption: Ensure your data is encrypted both at rest and in transit. This makes it unreadable to unauthorized users.
  • Regular Software Updates: Keep your systems and software up to date to protect against vulnerabilities.
  • Secure Wi-Fi and Network Settings: Use WPA3 for your Wi-Fi and ensure your network is segmented properly.
  • Employee Training: Educate your team about phishing and social engineering attacks. Regular training can significantly reduce risks.

3. Detect a Breach

Even with the best defences, breaches can still happen. Knowing how to detect one early is crucial:

  • Unusual Account Activity: Monitor for any unauthorized access or large, unexpected data transfers.
  • Sudden System Slowdowns: This can be a sign of malware. Keep an eye on your system’s performance.
  • Unexpected Pop-Ups or Programs: Be wary of new programs or pop-ups you didn’t install or recognize.
  • Monitoring Tools: Utilize Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) systems. Regularly review logs and conduct audits.
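
One way to automate the “Unusual Account Activity” check above, as an added example that is not part of the original presentation. It compares each user's activity with that user's own history and flags logins from a source not seen before and transfers far above the usual amount. The log format, user names, source labels and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample records (not real logs): date, user, source network, MB sent out.
SAMPLE_LOG = """\
2024-05-01 amina office 12
2024-05-02 amina office 15
2024-05-03 amina office 9
2024-05-06 amina office 14
2024-05-07 amina unknown-isp 11
2024-05-01 tunde office 40
2024-05-02 tunde office 35
2024-05-03 tunde home-vpn 38
2024-05-06 tunde home-vpn 42
2024-05-07 tunde office 900
"""

def parse(log_text):
    """Turn each 'date user source mb_out' line into a dict; skip malformed lines."""
    records = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        date, user, source, mb = parts
        records.append({"date": date, "user": user, "source": source, "mb_out": int(mb)})
    return records

def find_unusual_activity(records, min_history=3, transfer_factor=5):
    """Flag new login sources and outsized transfers once a user has enough history.

    min_history and transfer_factor are illustrative thresholds, not recommendations.
    """
    seen_sources = defaultdict(set)     # user -> sources used so far
    past_transfers = defaultdict(list)  # user -> earlier transfer sizes in MB
    alerts = []
    for r in sorted(records, key=lambda rec: rec["date"]):
        user, history = r["user"], past_transfers[r["user"]]
        if len(history) >= min_history:  # stay quiet while the baseline is still forming
            if r["source"] not in seen_sources[user]:
                alerts.append((r["date"], user, "new source: " + r["source"]))
            usual = median(history)
            if r["mb_out"] > transfer_factor * usual:
                alerts.append((r["date"], user,
                               f"large transfer: {r['mb_out']} MB vs usual {usual:g} MB"))
        seen_sources[user].add(r["source"])
        history.append(r["mb_out"])
    return alerts
```

Running `find_unusual_activity(parse(SAMPLE_LOG))` on the sample flags one login from an unfamiliar source and one outsized transfer, while a user's early records are learned silently rather than alerted on.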

4. Respond to an Incident Efficiently

If you detect a breach, act quickly and efficiently:

  • Immediate Steps: Disconnect affected systems from the network, change all passwords, and secure your backups.
  • Who to Contact: Have a clear plan of who to notify – both within your company and externally (like cybersecurity experts and law enforcement).
  • Documentation: Keep detailed records of the incident and the steps taken. This will be useful for analysis and reporting.

5. Recover from a Breach

Recovery is about getting back to business as usual with minimal disruption:

  • Restoring Systems: Ensure your backup and restore procedures are robust. Regularly test them to ensure they work when needed.
  • Post-Incident Analysis: After the immediate threat is mitigated, conduct a thorough review to understand how the breach happened. Implement improved security measures to prevent future incidents.

6. Technology Checklist for Small Businesses

Finally, let’s go over a quick technology checklist to keep your business secure:

  • Antivirus/Antimalware Software: Install and update regularly.
  • Firewalls: Use both hardware and software firewalls to protect your network.
  • Secure Backup Solutions: Regularly back up your data and ensure backups are secure.
  • Secure Cloud Services: Ensure your cloud services are compliant with security standards.
  • Regular Security Audits: Conduct audits to identify vulnerabilities and ensure compliance.
  • Cyber Insurance: Consider cyber insurance to help mitigate financial losses from a breach.

Conclusion

Cybersecurity might seem daunting, but taking it step by step can make it manageable. By identifying your valuable assets, protecting your data, detecting breaches, responding efficiently, and knowing how to recover, you can significantly improve your business’s cybersecurity posture.

Remember, cybersecurity is not a one-time effort but an ongoing process. Stay vigilant, keep learning, and regularly update your security measures. If you have any questions or need further guidance, feel free to reach out. Stay safe!
