6 tips to safeguard your small business from cyber criminals

Shamini Schaaf, head of Tarsus Academy, gives six common sense tips that can help your small business secure its systems and data from information security threats.

Johannesburg, 07 Sep 2016
Read time 4min 00sec

Cyber crime is a growing threat to small and medium businesses as criminals target their bank accounts and proprietary information. The consequences of falling prey to malware or a hacker can be devastating for a small business: loss or theft of sensitive information, permanent damage to customers' trust in the company, hours of lost productivity, and even heavy financial losses.

For a small business owner, staying ahead of relentless, well organised and sophisticated cyber criminals may seem like a daunting task. These common sense tips can help your small business secure its systems and data from information security threats. Training from a company like our partner, Wolfpack Information Risk, can also help prepare your IT team for the challenges of creating a strategy for today's complex information security landscape.

1. Remember that people are always the weakest link

As important as it is to invest in robust security software, remember that your people are the most vulnerable point in your company's infrastructure. That's why you should invest in educating them about information security and put your information security policy in writing.

Basic training courses can help employees become more mindful of the many scams that exist - from phishing e-mails that try to entice them to surrender their passwords to phone calls from fraudsters looking for personal information. Make sure that your staff understands that:

* Organisations such as your bank will never ask for login details over e-mail or the phone.
* They should never follow an e-mail link that prompts them to log in to a bank or online account - it might be from a phisher.
* They should be vigilant for signs that an e-mail isn't genuine: obvious spelling and grammar mistakes, a mismatch between the e-mail domain and the company name, or a promise of money that's simply too good to be true.
* They should be careful of the permissions they give mobile apps, especially if they use their mobile phones for work.

2. Keep your software up to date

Software updates often contain critical security vulnerability fixes which close off holes that hackers might exploit to gain access to your systems. It's thus wise to activate automatic updates for all your software, including your operating system (Windows), antivirus software, Adobe Reader, Adobe Flash and Java. Use applications like Update Checker and AppFresh to see if your other applications are up to date.

3. Install antivirus on all devices

With the plethora of malware that currently exists on the Internet, it's essential to download and install either a commercial or a free antivirus. More comprehensive products will include tools such as firewall, parental control and anti-spam in addition to the malware protection.

4. Don't open email or attachments from untrusted sources

Be wary of e-mail attachments from unfamiliar e-mail addresses; be careful of opening executable files even from people you know.

5. Be mobile app savvy

Don't be complacent about mobile apps - occasionally something dangerous can slip through the approval process on the official Google and Apple app stores. Be wary of what permissions app seek to access your personal data - why should a weather app want access to your contact list. Also, don't jail break or root your device so you can run pirated software - this will expose you to a larger risk of malware, quite aside from the legal and moral issues.

6. Create strong passwords

Password-protect all your devices - laptops, mobile phones and tablets - so that other people can't access them without your permission. Create strong and unique passwords, preferably different ones for different devices, apps, and online services. You can use a password manager like 1password to manage the challenge of remembering different passwords.

Ensure your passwords are strong so they can't be easily guessed or cracked: they should be longer than seven characters and make use of a combination of lower case, upper case numbers and special characters (e.g. @ # $ % !). Don't share your password with anyone or write it down. For an extra layer of security, use two-factor authentication. This means setting up your apps and services to require both a password and a one-time PIN (sent via e-mail or SMS) or a fingerprint.

Tarsus Academy

Tarsus Academy is a focused, speciality training organisation that thrives on uplifting customers and people through accredited training and skills development instructors. Its facilitators possess the certifications and credentials to enable and align individuals with current industry developments.

Tarsus Academy's accreditation is internationally recognised and it is the only service provider for its prospectus.

Tarsus Academy is part of the Tarsus Technology Group (formerly MB Technologies) and has as its sister companies Tarsus Distribution, Tarsus SecureData, Tarsus Cloud On Demand, Tarsus Channel Capital, Tarsus Channel Risk Management, Tarsus Emerging Markets, Tarsus Dispose-IT, Printacom and GAAP.

The Tarsus Academy's head office is situated in Johannesburg with branches in Cape Town, Durban, Port Elizabeth, Bloemfontein, Nelspruit and Polokwane. The Tarsus Technology Group has an extended footprint in Africa with operations in Namibia, Botswana, Zambia, Mozambique, Kenya and Nigeria with teams on the ground in Uganda, Ghana and Ivory Coast.

More information about Tarsus Academy is available at:

Editorial contacts
join.the.dots Candice Turner (+27) 11 568 0709
Tarsus Technology Group Ross Moody (+27) 11 531 1000
See also