About 15 years ago, when I had a larger online business, we started a Cybersecurity for Small Business arm for our customers. Because small businesses cannot afford big corporate-style systems, we developed a simple system even individuals can use.

What is Cybersecurity for Small Business

Cybersecurity is the protection of your business’s digital assets and information from unauthorized access, theft, or damage. Cybersecurity is important for small businesses because they often have valuable data, such as customer details, financial records, or intellectual property, that could be targeted by cybercriminals.

A cyberattack could result in significant losses, reputational damage, or legal consequences for your business.

Business Case Sample

We recently set this system up for a client. He had not quite got around to training a couple of temp staff, and they clicked on a link that shut down his computer. Luckily, as soon as it happened it was disconnected from the network. The attackers wanted $10,000 to release their attack.

Initially he forgot that we had set up our system for him, so he called a company who quoted him a few thousand dollars to fix it, and then rang me. I reminded him we had already set it up and that all we had to do was remove the hard drive and put in the backup, and he was back up and working for next to nothing on the same day. We then reformatted the hard drive and made it into the backup.

We also ran a course for others wanting to set up a similar system and trained quite a few back in the day. This system was based on 4 key points. We call it:

Investigate – Initiate – Educate – Finalize

Investigate

In this first section, we want to go through what we or our customer have in place to guard their business: computers, backups, antivirus, staff protocols, passwords etc.

Be sure to visit the private forum and ask any questions or make some comments to help your fellow consultants.

It is important to get as much information from the customer as possible to work out a clear plan of action.

So what we need to learn is the culture of the business we are going to help. If this is an old customer, then it is quite easy as we have already built a relationship.

Obviously if it is a new customer then we need to establish that relationship first.

Basically, we want to do what is listed in the graphic to the left.

The truth is that most antivirus software only protects against viruses from the past, not current ones, as new viruses have to be added to it. Some do this daily, and some do it less often. We want to create a system so that if anything does happen we can get up and running again quickly. Backup is critical to any Cyber Security Plan, no matter what size the business.

We can make it harder for hackers once we implement some basic controls.

One of the places I learnt how to offer different services to my customers was through TED Talks and YouTube, and then applying what I learnt so I could add my own.

Watch this video from a professional hacker.

Initiate

Once we have this information we can then look at adding software, hardware and policy to their business.

This is the crux of the course where we take you through the different products you can offer your clients and also use yourself. We will also provide education with products and services you can use.

On the Investigate page we had a video at the bottom by a hacker, and he suggested the best way to protect yourself is to make sure everything is up to date and use strong passwords. This is basically all we had when we started working with small businesses; however, we have added a lot more these days. Below are the main topics.

1. Cyber Security Policy Document

Most small and home businesses will not need a Cyber Security Policy Document. However, as you get more confident with your product you may want to move up to larger businesses with lots of staff, and this document then becomes gold. They come as a Word doc so you can customize and brand them. Even home businesses may need this in the future.

I believe a Cyber Security policy will be required by government and insurance companies in the future as cyber attacks become more prevalent. After reading through a lot of plans and policies, the one below provided by the FCC is the most comprehensive I have found. Read this all the way through and visit the links and you will have a great foundation for your Cyber Security business.

The PDF is the original from the FCC in the US, and the doc version is the one we took from it and formatted so you can customize it for yourself. Here is where I found it: http://www.fcc.gov/cyberplanner

Also I have included a sample Cyber security policy.

Cyber Security Planning Guide – Doc | PDF

Cyber Security Sample Policy – Doc | PDF

A whole range of security templates.

http://templatelab.com/security-policy-templates/

2. Passwords

One of the most important parts of security is to have different passwords for different uses and also a way to store them. We use a free product called KeePass and provide the software and training. It has a desktop and a USB version, which is fantastic for travelling.

A very simple password system is the first three letters of your surname, with the first letter in caps, then the first three letters of the program being accessed. Then use a symbol from the number keys, like _+)(*&^, and then a date you can remember. For Robert accessing his West Bank, it looks like RobWes-21012024. Each program then has its own easy-to-remember password.

3. Antivirus Software

I am always surprised how many businesses use free antivirus software despite all hackers suggesting that it is not worth it. Good quality software does so much more than scan for viruses. It's an investment, not an expense. Here you can check the latest programs.

4. Backup and Storage – MUST DO

Let's face it, if someone decides that they are going to hack a small business they probably will. What we do is remove the chances of bots and the automated systems etc. If everything is backed up then we can clean and re-install it all within 24 hours. It is our insurance and does not have to be that expensive. DIY or Outsource.

You should always do a backup offsite to cover fires and break-ins. We use Amazon S3 with some software to link our computer with the S3 bucket.

5. Storage Backup for Home Office

For small home businesses this can be to an external hard drive, and then we like to upload to Amazon. You can buy caddies and buy a separate hard drive. These are also called docking stations.

They connect directly to your computer and with some simple software you can backup to the hard drive and also upload.

The reason to backup to Amazon is to have a copy offsite in case of theft or fire etc.

I use Cloudberry to an S3 or Amazon Glacier account, which works out to less than $3 a month for 100 gig of storage. On the backup page we also provide free versions and one for Mac computers.

This is a great system for home-based businesses with just a couple of computers. You can share the drive over a network so a couple of computers can use the storage, but the computer it's connected to needs to be available all the time, as they usually connect via USB.

6. Storage Backup for Small Business Office

With businesses that have a number of computers we use a small server called a NAS.

A NAS (Network Attached Storage) is aimed more at the network file storage end of things, offering an easy way to make a ton of storage available to your network. Basically it is similar to the caddy above but can run separately to a computer and often comes packaged with software.

You want to get one that has two drives so they copy to each other and if one goes down then you simply slip in a new hard drive and it copies everything across.

If you're not too savvy then go find a supplier and do a deal. We did it all ourselves to start with, but then the guy we were buying the NAS from asked what we were doing and ended up giving us a great deal, so he does it all for us now and pays us a commission. As always, do what you love, outsource what you don’t.

I tried making a video to explain but it was 30 minutes. This guy does all the same info in 5 minutes and is pretty good. In fact he has some techie stuff I have used in the past.

7. Computers

While this is not so much a security risk as a hardware failure risk, a lot of computers in offices never get cleaned, so fans etc. get all clogged up with dust and dirt. Time to do a clean, so DIY or Outsource.

When checking out the computer(s) we are checking for a few things.

1. Is the operating system up to date, all new patches applied etc.
2. Does it have antivirus software?
3. Is there a backup system?
4. Unused software
5. Password to access.
6. Amount of RAM, access points, CD, USB.

This is not really a point but, if possible, I like to look at the back of the computer to see if the fans are clogged up with dust and if so recommend a local IT person to clean them.

Basically, we call this an asset review, and it can be done manually or with software.

To gather this information, you can do it manually or use some simple software. Alternatively use a spreadsheet or a QR Code to link to the spreadsheet.
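The checklist above can be run over a spreadsheet register exported as CSV. This is an added example, not software from the course; the column names, the sample rows and the 30-day patch limit are assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample register exported from a spreadsheet; column names are assumptions.
REGISTER_CSV = """asset,os_patched_on,antivirus,backup,login_password,unused_software
Front desk PC,2024-01-15,yes,yes,yes,
Accounts laptop,2023-09-02,yes,no,yes,old-tax-tool;toolbar
Workshop PC,,no,yes,no,
"""

# Yes/no columns from the checklist and the finding to report when the answer is not "yes".
YES_NO_CHECKS = (
    ("antivirus", "no antivirus software"),
    ("backup", "no backup system"),
    ("login_password", "no password to access"),
)


def review_register(csv_text, today, max_patch_age_days=30):
    """Return {asset: [findings]} for every computer that fails the checklist."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        issues = []
        try:
            age = (today - date.fromisoformat(row["os_patched_on"].strip())).days
            if age > max_patch_age_days:
                issues.append(f"operating system last patched {age} days ago")
        except ValueError:
            # A blank or unreadable date is itself a finding, not a pass.
            issues.append("operating system patch date not recorded")
        for column, finding in YES_NO_CHECKS:
            if row[column].strip().lower() != "yes":
                issues.append(finding)
        unused = [name.strip() for name in row["unused_software"].split(";") if name.strip()]
        if unused:
            issues.append("unused software to remove: " + ", ".join(unused))
        if issues:
            findings[row["asset"]] = issues
    return findings


if __name__ == "__main__":
    for asset, issues in review_register(REGISTER_CSV, date(2024, 2, 1)).items():
        print(asset, "->", "; ".join(issues))
```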

This article will take you through the whole Asset Management system with many great suggestions.

8. Managing assets

  • Create a register of your hardware and software assets:
    • Take note of the brand, make, serial numbers and specifications for your equipment.
    • Include monitors and other portable assets such as printers, scanners, speakers, pointing devices, cameras, mobile phones and storage media.
    • Record the name, version number and product keys for your software.
    • Keep this register in a secure location.
  • Lock portable equipment that is not in daily use in a secure cabinet.
  • Create a register for staff to sign out equipment. When staff sign out equipment, remind them of relevant security procedures and obligations. Audit your register monthly to ensure equipment has either been returned or is still on loan.
  • Mobile devices such as laptops, tablets and mobile phones should be encrypted and secured with a password. Software is available to encrypt the hard drives of desktop computers to stop them being accessed if they are stolen.
  • Ensure that staff do not write down passwords and keep them with the devices.

https://comparesoft.com/asset-management-software/small-business/

9. Secure Wireless Access

Many offices these days work on wireless rather than cabled Internet and access so we need to secure it.

Your internet connection is a channel from the outside world into your computer. If it is not secured properly someone may use it to get to your information or hijack your connection or computer for their own purposes.

If you use a modem or router:

  • change the default administrator (admin) password for the device
  • disable remote management.
  • prevent unnecessary incoming connections.
  • disable unneeded services.

Secure your wireless network!

Having an unsecured wireless network can allow anyone within range to access your network or use your internet connection. They could use up your download allowance (possibly resulting in excess usage fees), intercept and read your email or, more seriously, use your account to access illegal content or undertake criminal activities.

If you are using a wireless connection to connect to the internet, or between other computers in your home or business (a wireless network), make sure you can protect your connection.

The access point makes itself known to other wireless devices (like the wireless card in your computer) by broadcasting an identification number (SSID). Computers that have a wireless card, and have permission to access the wireless frequency, can use this connection.

Because wireless networks do not require a wire between a computer and the internet connection, it is possible for anyone within range to intercept the signal if it is unprotected.

10. Managing Spam and Emails

Emails are a key source of infection so we will have a look at some ways to stop this. Also spam can use up a lot of time so we will also look at this.

URLVoid is a service that helps you check the online safety and reputation of a website through 30+ blocklist engines and online reputation services. You can also view the safety report of a website and identify its malware and phishing threats.

11. Resources

We use a lot of government resources as they are free and quite often simpler and more aimed at the small business market.

Access a whole bunch here

For example we use some of their posters at training sessions and seminars.


Update your browser

It’s important to always upgrade to the latest version of your web browser so that you get the latest security updates.

Educate

If they have any staff, contractors etc we can set up some education for them either live or with videos.

There are several free cybersecurity training resources available for small businesses. Here are some of them:

  1. Small Business Cyber Security Guide: This guide provides basic security measures to help protect your business against common cyber security threats. It includes a checklist and a guide that can be downloaded in PDF format. The guide is available on the Australian Cyber Security Centre website.
  2. COSBOA Cybersecurity Course: This free course is designed to educate and provide tools to small Australian businesses to help keep them protected from cyber threats. It is funded by Telstra and the Commonwealth Bank. The e-learning platform will be designed by and for small businesses with an aim to become the country’s first cyber safety workplace certification for the small business sector. The program is currently in its pilot stage and is based on the ACSC’s Essential Eight strategies to help mitigate cyber crimes. You can read more about it on the SmartCompany website.
  3. Cyber Basics for Small Businesses Training: This is a free, three-week training series for small businesses, co-hosted by the Global Cyber Alliance and the Cyber Readiness Institute. The resources provided include the slides, recorded webinar sessions, and links to additional resources for your reference. You can find more information on the GCA Cybersecurity Toolkit website.
  4. 32 Free Cybersecurity Training Resources for SMBs: This list compiled by Zeguro includes 32 different resources to help SMBs better prepare their workforces for cybersecurity. Every entry is free (or part of a free trial) and created by professionals in the field of information security. You can find the list on the Zeguro website.
  5. Cybersecurity for Small Business: This website provides a growing library of free detailed training courses and helpful guided resources for small businesses. You can find more information on the Global Cyber Alliance website.

I hope this helps!

Finalize

Now that it is all put together, simply go back and check every now and then and see that data is being backed up etc. This is the perfect time to show your other services like updating websites etc.

Well, if you're here, hopefully you have read through all the information and applied it to your own business.

I think you have got it. Keep everything up to date, use strong passwords and Backup.

Residual Income

This is where we now set up the residual income for our business.

After everything is set up we need to go back and check that all the different systems we have implemented are working: that the backup is backing up, that it is being sent to Amazon or whatever you choose, and whether any staff are having any problems.
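One way to do this check-up, as an added example that is not part of the original course material: record a SHA-256 manifest of the working folder when the backup runs, then compare the backup copy against it on each visit. It assumes the backup is a plain file copy on an external drive or NAS share; the function names, the sample files and the 24-hour limit are illustrative.

```python
import hashlib
import os
import shutil
import tempfile
import time
from pathlib import Path

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(folder, now=None):
    """Run when the backup is taken: SHA-256 of every file, plus a timestamp."""
    files = {}
    for root, _dirs, names in os.walk(folder):
        for name in names:
            full = os.path.join(root, name)
            files[os.path.relpath(full, folder).replace(os.sep, "/")] = sha256_of(full)
    return {"created": time.time() if now is None else now, "files": files}

def verify_backup(backup_dir, manifest, max_age_hours=24, now=None):
    """Run at each check-up: compare the backup copy with the stored manifest."""
    now = time.time() if now is None else now
    expected, actual = manifest["files"], build_manifest(backup_dir, now)["files"]
    report = {
        "missing": sorted(set(expected) - set(actual)),
        "corrupt": sorted(f for f in expected if f in actual and actual[f] != expected[f]),
        "stale": now - manifest["created"] > max_age_hours * 3600,
    }
    report["ok"] = not (report["missing"] or report["corrupt"] or report["stale"])
    return report

def demo():
    """Constructed sample: back up two files, damage one copy, then verify."""
    with tempfile.TemporaryDirectory() as base:
        work, backup = Path(base, "work"), Path(base, "backup")
        work.mkdir()
        for name, data in {"clients.csv": b"id,name\n", "notes.txt": b"call back\n"}.items():
            (work / name).write_bytes(data)
        manifest = build_manifest(work)
        shutil.copytree(work, backup)
        (backup / "notes.txt").write_bytes(b"damaged")
        return verify_backup(backup, manifest)

if __name__ == "__main__":
    print(demo())
```

Keep the manifest somewhere other than the backup drive itself, so damage to the backup cannot also alter the record it is checked against.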

We offer our customers a 6 or 12 month support contract where they can call with any problems, and as we have usually taken over their website we can also do content etc. for them.
