Get Cyber Safe’s quick guide to cyber security for small business

Start protecting your business from cyber threats right now with this quick guide. By following the ten steps listed below, you will be well on your way to securing your business against common cyber threats.


For the full version of Get Cyber Safe’s Guide to Cyber Security for Small Business, visit GetCyberSafe.ca/business.

1. Take stock

Make a list of all the internet-connected devices and assets your business uses. This list may include:

  • desktop and mobile devices (computers, laptops, tablets and phones)
  • storage devices (hard drives and USB keys)
  • peripherals (printers, scanners, monitors, keyboards, mouses and docking stations)
  • internet-connected devices (point-of-sale (POS) devices, smart security systems and smart speakers)
  • digital assets and services (social media accounts, websites, cloud and online bookkeeping services)

Take note of the location of each item, and who has the login and password to access it.

2. Secure your devices

Secure each of your business’s devices with a strong passphrase or password that’s unique to each device. Be sure to update passphrases on devices that came with a default password, such as routers and Bluetooth devices. Activate multi-factor authentication (MFA) wherever possible. Limit who has administrator privileges, ensuring that access is granted exclusively on a need-to-know basis.

3. Secure your network

Your business’s network is the gateway to all your connected devices. Protect it with a firewall that monitors network traffic and filters out malicious sources. You can also install CIRA Canadian Shield, a free DNS firewall service that provides online privacy and security. Next, choose the best anti-virus software for your business. Ensure that it scans for known malware and removes it, protects your devices from malicious websites, and monitors and flags suspicious program behaviour. If your employees telework, provide them with a virtual private network (VPN) so that they can connect securely from wherever they are working.

4. Develop a backup system

Having backups of all data is essential, as it ensures that your business can recover quickly from loss of data due to a cyber attack. If you choose to back up using a cloud service, review the privacy policies and security features offered by your cloud provider, and use a strong passphrase. Keep in mind that the best backup has its own backup. Even if you use a cloud service, back up your most important data to a secondary storage device, such as an external hard drive or USB key. Determine how often you’ll perform backups or set devices to back up automatically, at least weekly.

5. Protect client and sensitive business data

A breach in your cyber security systems could mean the loss of your customers’ information. That could cost your business the trust and reputation that you’ve worked to build up. Always protect sensitive business data with strong passphrases. If your business uses an e-commerce platform, make sure it includes security features like MFA, data encryption, real-time threat alerts and compliance features.

6. Enable automatic updates

Operating system (OS) and software updates often contain components that are very important for protecting your business’s security with improvements based on recent viruses and cyber attacks. Enable updates to install automatically for operating systems and for software. If automatic updates aren’t available, install updates as soon as you are prompted.

7. Develop a cyber security plan

A cyber security plan sets out the rules you and your employees need to follow. This may include:

  • requirements to use passphrases and MFA on business devices and accounts
  • rules on the websites employees may visit and the software they may download
  • advice on email safety, including how to avoid phishing scams
  • guidelines on accessing business data on personal devices
  • a social media plan outlining what can be shared on the business’s social media accounts
  • procedures for employee departures such as revoking accesses and changing passwords

8. Train employees

By letting employees know what is and isn’t cyber secure, you can help educate them on how they can protect your business from cyber threats. Share your cyber security plan with employees, and explain the rationale for why it is in place. Schedule training sessions regularly to refresh your employees’ memories and to ensure new employees benefit from this training. October is Cyber Security Awareness Month and a good occasion to talk about cyber security.

9. Establish an incident response plan

An incident response plan outlines how your business will detect, respond to and recover from a cyber incident. Your plan should include elements such as:

Detect: procedures for employees to report issues

Respond: procedures for isolating the affected device or system, and procedures (possibly including professional services) for resolving the issue

Recover: procedures for restoring your systems from your backup

10. Stay up to date on cyber security

Additional information on each of these steps is available in the full Guide to Cyber Security for Small Business and on GetCyberSafe.ca/business. For more in-depth information on cyber threats and mitigation strategies, visit the Canadian Centre for Cyber Security. And, for the latest advice and guidance, follow the Cyber Centre and Get Cyber Safe on social media.
