5 Ways Small Business can protect from Cyber Attacks

Peter Tran

Below are 5 simple and effective tips for protecting your business from the embarrassment and cost of cyber incidents. Cyber attacks are on the rise especially since COVID, and is not just limited to large multi-nationals – every small and medium business needs to be protected. If you are nodding your head as you read these 5 essentials, then we hope that means you are already actioning. If not, you know what you can do to be prepared for the inevitable.

1. Emails Office 365 – Quarantine EOP and Defender

Covid-19 saw the rise of cyber attacks and email spear phishing, that is, emails targeting your end users pretending to be your boss, went sky rocketing. Having heard of friends, associates and even governments being victims of email spear phishing there are a host of solutions and strategies to catch suspicious emails but how effective are they when the email still gets through ? Before you go too far in cost and effort in your search, Microsoft’s Exchange Online Protection (EOP) is a service that comes free with Office 365. EOP confines your emails into a quarantine, where a knowledgeable administrator can release or block emails, thereby training your protection policy to get smarter every day. The strictest policy sure might be annoying to begin with, especially when emails like two factor authentication get quarantined, but committing a savvy and knowledgable administrator to get your policy trained is the surest way to teach your Exchange online protection which emails and senders are to be trusted.

Once you have Exchange Online Protection working well and blocking people pretending to be your boss, upsize your Office 365 security to Defender for a few extra dollars per user per month. This enables your business with top protection, enabling everything with ‘anti’ in the name and setting up everything with ‘safe’ in the name:

* Anti-malware
* Anti-phishing
* Anti-spam
* Safe Links
* Safe Attachments

Then finally hit the after burners and defend the workloads (ex. SharePoint Online, OneDrive, and Teams) and protect with Zero-Hour auto purge.

Microsoft Exchange Online Protection Architecture

2. Devices – Microsoft Endpoint Management

Microsoft have done an amazing job in architecting protection for your business data, where it is most vulnerable on end devices. Within a few clicks, Microsoft’s Endpoint Management can be enabled for any staff (corporate owned) and bring your own devices (byod). This first level protection is a must, which encrypts your corporate data on the end user’s device, enforces either a pin or biometric to open company apps, and allows remote wipe of company data in the event the device is lost or stolen. End devices such as Android, IOS and Ipads are protected in this easy first wave, and you must have Azure Premium P1 licenses as a minimum, a few dollars per user per month.


3. Operating Systems

With crypto viruses still running around crippling small and large companies, it is clear you are not safe if you run your business on an operating system. By operating system this means a server like Windows 10 or a user desktop such as Windows 10.

To protect user desktops, a Windows Virtual Desktop allows your staff to login to a cloud hosted workstation to access their corporate apps. Whilst your staff still need a workstation when they come to the office, this can be a much lower spec device and some businesses use Chromebook’s exclusively. Windows Virtual Desktop keeps your corporate apps and data secure and compliant with security capabilities that can proactively detect threats and take remedial action.

The added benefit is your staff can access this desktop from home or anywhere providing the same secure experience.

For servers, Microsoft offers serverless servers now called Platform as a Service or PAAS, for just about anything from web apps, through to databases.If you don’t want to be compromised, consider dumping your operating systems which are snack food for crypto, and move to a secure serverless Azure PAAS service. You’ll also minimise your administration overhead by removing the need for operating system patches and updates.

4. Backups

Once in the Cloud, your company data is in good hands in the Azure eco-system, but take note ! You may not have enabled your backups yet ! Azure offers loads of backups for apps, databases, files, virtual machines and more, with standard retention policies and support for any retention policy you desire. Your backup policy is only as good as the last time your successfully restored it. Test your backup policies through regular restoration exercises that proves you can run the business of your restored backups. If not, you may find your business crippled when you most need your backups.

Image of Backup in Keyboard

5. Education

Of course the smartiest and most important step in any cyber policy for your company is to educate your staff. You can convey the message in two ways: First, the importance of safety and secondly, what they need to do. When you have your plans in place a communication plan will see your staff educated in waves pre, during and post rollout. Professional and visual Email and communications templates are fantastic tools that get the message across to your staff in a professional manner.

Leave a Reply