For me, the best thing small businesses can consider is adopting the use of a password manager alongside multi-factor authentication. The reason you want to do this in combination is two-fold: 1) You want to have unique, complex and hard-to-crack passwords on all of your essential platforms. A dedicated password manager can do this, and keep them all inside of an encrypted vault, making it very difficult for a cybercriminal to access them. 2) By using multi-factor authentication, you're making it extra difficult for a criminal to gain access, particularly if you can use hardware or biometric-based tokens for MFA. Now, this approach is unlikely to stop a determined criminal from breaking in, if they really wanted to, but if you consider that most cyber attacks are opportunistic in nature, and most smaller businesses are unlikely to have enemies who are determined to hack them, then you can raise the bar to entry and make it that much harder to access your network. If the goal is to be just that little bit harder to get into than the next company, then a cybercriminal is likely to move on to the easier target.
Given that most cyber breaches stem from a staff member being tricked, a simple strategy is to provide good cyber awareness training. Now when I say good, this simply means that the outcome of the training is suspicious and knowledgeable staff, who are now more likely to prevent a hack than facilitate one. That could be online training, or face-to-face, whatever achieves the best result. This type of training can be very cost-effective as there are many providers to choose from. Live, instructor-led training will obviously cost more, but it will also provide a significantly better risk reduction. And good training will cover many areas of cyber security relevant to staff, e.g. file extensions, link safety, social media, handling information, etc.
At CloudTech24, we've found that maintaining reliable, frequently tested backups stored in a secure offsite location or cloud environment is an essential, and affordable, defense against cyber extortion. By ensuring data can be restored quickly, you remove much of the leverage criminals have. Even if resources are tight, prioritizing a robust backup strategy can drastically reduce potential damage from ransomware or other extortion-based attacks.
For small businesses on a tight budget, implementing regular, automated backups of critical data to an offsite or cloud-based location is a highly effective step against cyber extortion. This is remarkably cost-effective, especially with many affordable cloud storage options available. This addresses the core vulnerability of ransomware attacks: the loss of access to essential data. By having up-to-date backups, a business can restore its systems without paying a ransom. While it doesn't prevent attacks, it significantly reduces their impact, making it a crucial and budget-friendly defense against cyber extortion.
A simple way for small businesses to protect against cyber attacks is to use multi-factor authentication (MFA) on all accounts. This adds an extra security step, like a code sent to your phone, making it harder for hackers to break in. It's cheap or free and helps keep accounts safe from hacking and ransomware. This small step can make a big difference in protecting your business.