Skip Navigation

August 12, 2020 |

Cyber security basics: 7 best practices for your business

Loading table of contents...

While most small businesses may understand the importance of cyber security, they might not know the steps to take to improve their defence. And if you’re not a cyber expert, it can be nearly impossible to stay ahead of new and ever-evolving cyber threats and risks.

The truth is cyber security best practices go a long way when it comes to protecting your business from a cyber attack. And you don’t need to be an expert to learn and implement them. Before we dig in, let’s start at the beginning with a few definitions of basic cyber security concepts.

What is a threat surface?

Your threat surface is all the parts of your IT network where cyber criminals could identify security gaps, holes, or other potential vulnerabilities, and gain access.

The challenge is, like cyber threats, your company’s threat surface is always changing and evolving. You add and remove hardware. Your team routinely installs and updates software. Employees connect to your network from new devices or locations. User activity varies every day. All these moving parts make assessing and securing your threat surface a challenge.

Understanding, reducing, and protecting your threat surface is foundational. It’s the first step in proactively avoiding a cyber attack and preventing the damage of a data breach.

Cyber attack vs data breach

A cyber attack occurs when a cyber criminal launches an attack on one or many computers or networks to disrupt, disable, destroy, or maliciously control computing infrastructure, destroy the integrity of data, or steal controlled information. There are many attack tactics—malware, phishing, man-in-the-middle, and more—and just as many motivating factors.

Cyber attacks can disable the systems that you rely on to run your business and may result in data breaches that occur when the attacker destroys, steals, shares, or sells your confidential data.

Cyber attacks can disrupt normal business operations and, especially if data is compromised, can leave you with a major bill and significant damage to your business: productivity decrease, reputation loss, customer impact, expensive repairs, data recovery, and even lawsuits and regulatory fines.

When it comes to cyber security, getting the basics right is vital. Every business—no matter the size or industry—should follow cyber security best practices as part of a strong cyber security strategy to protect their confidential data and business operations from cyber attacks.

1. Know your network

Start by understanding what your company’s network looks like—what software you use, how many devices are connected to your network, what devices are exposed to the Internet, what type of data you collect, and who has access to it.

Not knowing your network is like wearing a blindfold. A cyber attack could happen at any point and continue undetected for months, compromising your valuable data, because you missed it.

Learn your IT network and where vulnerabilities may exist, and you’ll be in a much better position to defend against a cyber attack.

2. Offer cyber security training

Studies show that many data breaches are due to employee negligence and, due to COVID-19 normalizing remote work, the risk has only grown.


Employees are your first line of defence.

Set them up for cyber security success with The Employee Cyber Security Handbook.

Download now


Anyone who uses the company’s IT network, applications, or email server must undergo cyber security training. At a minimum, teach employees the cyber security basics and a few best practices for safe computing. They should know:

  • what constitutes a strong password,
  • how to use a password manager,
  • telltale signs of a suspicious web link or attachment, and
  • what to do if they receive an illegitimate email.

Remember that the level of training should match the job’s level of risk. Employees who handle financial transactions, for example, should receive additional education. Additionally, make sure training is not a check-the-box activity. Conduct regular workshops, either as a refresher or to raise awareness as you learn of new threats.

Small and mid-size enterprises (SMEs) often benefit from using a dedicated training solution or services instead of creating their own. A qualified service will not only provide expert tips on safe computing but also foster a sense of shared accountability for keeping the company secure.

3. Update software and hardware regularly

Keeping your software up-to-date is one of the easiest ways to find and fix vulnerabilities before a cyber criminal gains access. According to a study conducted by Ponemon Institute, 60% of data breaches were linked to an available, but unapplied, software patch.

When a software patch becomes available, it’s usually because the vendor identified a glitch, bug, or some other risk and the patch resolves the issue. If you choose not to install the patch, you’re leaving vulnerabilities open for cyber criminals to exploit.

4. Require strong passwords

Password attacks are remarkably effective because many people still rely on easily guessed passwords. Reduce that threat by requiring your employees to use strong passwords for all devices.

Use unique and complex passwords for every account, composed of upper and lowercase letters, numbers, and symbols. It may seem like common sense, but ensuring secure passwords across your business is a key element of cyber security.

Investing in a password manager tool is a wise choice as it automates the process of creating, using, updating, and securing passwords.

5. Backup your data

No matter how many steps you take to secure your business, or how confident you are that a cyber criminal won’t find a way in, it’s still important to regularly back up your data.

Back up your data to an external hard drive, a cloud backup service, or another secure location that’s not connected to your network or easily available to attackers on your network.

If a cyber attack occurs, conducting regular data backups will help you and your employees get back on track. Backups are especially helpful if your data becomes encrypted during a ransomware attack. You can restore your files from the latest backup to minimize the damage caused by the cyber criminal.

6. Ensure safe web browsing

Knowing your network, training your employees, and updating your software regularly are massive leaps forward on the road to a strong cyber security defence. But cyber criminals work around the clock, always finding new ways to access and wreak havoc on a company’s network.

Using cyber security tools, such as a virtual private network (VPN) and firewall, is a great way to add extra layers of protection.


Not sure what to look for in a cyber security tool?

Discover how to choose a cyber security solution that offers the protection you want and need.

Get the eBook


7. Use cyber security solutions

There are various cyber security solutions on the market. Choose a tool that protects your entire threat surface (endpoints, network, and cloud-based services) by detecting and addressing cyber attacks, suspicious behaviours, and even vulnerabilities.

Ensure that the solution is easy to use and understand, with threat alerting that actually makes sense. You don't want to be stuck with a tool sending you endless streams of alerts with little-to-no information on how to address the problem.

Implementing these best practices

A few simple cyber security basics can go a long way when it comes to protecting and securing your business from cyber threats. It all starts with following best practices. Every business should ensure that there’s a base understanding of the cyber security basics as part of a strong cyber security strategy.

If you want to dive a little deeper into cyber security concepts and best practices, download the Cyber Security 101 eBook today.