    Cybersecurity: Protect your small business now

    Cybersecurity can feel like a huge, complex topic, but here’s something that might surprise you: your biggest security risk isn’t just the software you use — it’s your own team. Today’s hackers have become pros at tricking people into handing over sensitive information. So while you should definitely install anti-malware, anti-spyware and antivirus software, that’s no longer enough to keep your business and client data safe. Educating your team is essential.

    In this blog, we’ll break down the risks, the methods hackers use to breach systems and tips to help your team keep your business safe.

    Risks of a cybersecurity breach

    Most hackers are after your data. They often sell it to third parties who can combine it with other information and launch an attack. Some even lock down your systems and hold them for ransom.

    Once they’re in, hackers can:

    • Steal confidential info
    • Hijack your webcam
    • Get your usernames and passwords
    • Install malware
    • Spy on your activities through spyware 
    • Add your devices to a botnet, a network of compromised devices that the attacker controls remotely
    • Download malicious apps to your device

    A breach could result in stolen identities, or worse, and the fallout could take years to fix.

    Common cybersecurity threats

    Hackers often rely on social engineering — manipulating people into giving up confidential info. These threats can come through email, text, voice messages or even calendar invites.

    They’re clever, too. Hackers might browse your social media, find out some personal details, and send a message that sounds like it’s from a friend or colleague. They create urgency, like a fake message from the CEO asking for an immediate payment, making it easy to fall into their trap.

    Password hygiene: passphrases and managers

    Strong, unique passwords are one of the best defences against cyberattacks, but there’s more to it than just making them complex. 

    Use passphrases over passwords

    Instead of random letters and numbers, try using passphrases — short, memorable phrases that are easy to recall but tough to guess. For example, “SunnySkies&Tea!” or “MountainHiking#23”. Passphrases tend to be longer than typical passwords and just as secure, while still being easy for you and your team to remember.

    Try a password manager

    Make life simpler for your team by using a password manager, like LastPass or 1Password. These tools securely store and organize complex passwords across accounts. They also create strong, unique passwords for each login, reducing the risk of reusing passwords and keeping hackers at bay.

    Use unique passwords for every account

    Using the same password across multiple accounts is a big security risk. A password manager can help your team create unique logins for every account, lowering the chances that a breach spreads from one account to another.

    Enable device authentication and biometrics

    Many devices support biometric authentication — like fingerprint or facial recognition — as an extra layer of security. If possible, encourage your team to enable biometric authentication on any work devices, especially those with access to sensitive information.

    Multi-factor authentication (MFA)

    Multi-factor authentication (MFA) adds an extra security layer. Even if a password is compromised, MFA makes it much harder for hackers to gain access. 

    Two-factor authentication (2FA)

    The most common type of MFA, 2FA requires two steps to access an account: you usually enter a password first, then a one-time code sent to a registered phone number or email address. This extra step means a hacker would need both your password and access to your phone or email to get in.

    App-based authentication (Authy, Google Authenticator)

    Instead of relying on SMS, which is less secure, app-based authenticator tools generate time-sensitive codes on your own device. These codes refresh frequently, providing a more secure way to protect accounts than SMS-based 2FA.

    Device authentication

    Many platforms let you register “trusted devices” so that you only need to verify them once. But it’s best to limit these to secure, private devices and keep an eye on any unusual login activity associated with your account.

    Cybersecurity tips for your team

    Even if you don’t have formal training for your staff, everyone on your team should know the basics of how these threats work. Here are a few simple ways they can protect your business:

    • Clean desk policy: No passwords on Post-it notes left out in the open. And always be aware of who’s around when you’re working.
    • Be social media smart: Don’t post personal details like travel plans — hackers use this info to their advantage.
    • Stay alert: If you find a random flash drive or get an unexpected email, call or text, think twice before engaging.
    • Avoid public Wi-Fi: Unless you’re using a VPN, steer clear of public Wi-Fi with your work devices.

    Regular software updates and patching 

    Make sure your team regularly updates their software, including operating systems and security programs. Hackers often exploit vulnerabilities in outdated software, so keeping everything up to date can close these gaps.

    Phishing emails

    Don’t let your team members be tricked into giving away sensitive information or taking a dangerous action (such as clicking a link or opening an attachment). Share these red flags with your team: 

    • Suspicious subject lines: If it doesn’t match the content or you never requested it, it’s a red flag.
    • Unfamiliar recipients: If you don’t know the other people copied on the email, it’s worth questioning.
    • Strange senders: Even if you recognize the name, if the email feels off or unusual, be cautious.
    • Odd hours: Emails from colleagues sent at 3 AM? Be wary.
    • Unexpected attachments: If it wasn’t expected, don’t open it.
    • Urgency and threats: Hackers often pressure you to act quickly. If you’re feeling rushed, double-check before responding.
    • Misspelled or mismatched links: Hover over any link before clicking; if the destination URL looks suspicious or doesn’t match the text shown, stay away.

    Backup and recovery plans

    Having a solid backup and recovery plan is crucial. Encourage regular backups of your data so that if your business does experience a breach, you can restore your systems quickly and minimize damage. Additionally, consider creating a cybersecurity incident response plan that outlines the steps to take if a breach occurs. This will help you act quickly and reduce downtime.

    Network security: avoid home Wi-Fi

    Running your business on home Wi-Fi might be convenient, but it’s not the safest choice. Home networks usually lack the layers of security that a business needs, leaving your operations more vulnerable to cyber threats. Setting up a dedicated business network is a simple way to improve security and protect your data. Here’s how to get started:

    • Set up a firewall: Think of a firewall as your network’s security guard, blocking out unauthorized access while keeping your business data safe. A firewall can screen incoming traffic, flagging anything suspicious and keeping out threats before they reach your devices.
    • Use secure access points: For better control over your network, consider setting up a dedicated business access point. Unlike home Wi-Fi, secure access points let you customize settings and keep track of who’s using your network, giving you peace of mind and added protection.
    • Keep work and home networks separate: To avoid accidental risks, keep business operations on a separate, secure network. This separation prevents less-secure devices at home from potentially compromising sensitive business information.

    Security for remote work

    With more businesses allowing remote work, it’s important to take extra security measures for remote teams. Make sure they are using secure connections, like a VPN, to access company systems. Encourage them to secure their home networks and avoid working on personal devices without company-approved security measures.

    Common scams and ransomware prevention

    Ransomware is a growing threat, where hackers lock down your systems and demand payment to restore access. You can protect your business by making sure your team is aware of these scams and by backing up your data regularly to avoid being held ransom. Additionally, you can take measures like restricting file downloads or limiting access to sensitive data to protect your systems from ransomware attacks.

    Security audits and penetration testing

    It’s also worth investing in regular security audits or penetration testing to identify any potential vulnerabilities before hackers do. There are even low-cost or free tools that small businesses can use to test their defenses.

    If the whole topic of cybersecurity feels overwhelming, you’re not alone. We work with Proactis, a trusted cybersecurity partner specializing in solutions for small- and medium-sized businesses. They also led a cybersecurity training for our team that was incredibly helpful.

    Need more advice for running your business? Check out our small business blog for more great tips!
