Procurement · 30 April 2020

How to keep your business cyber-safe during lockdown

Cybercrime strategies

Nic Sarginson, senior solutions engineer for UKI and RSA at Yubicodetails the ways small businesses can protect themselves from cyber threats and attacks…

Every aspect of our business lives is now more connected than ever. From online banking and digital tax to online shopping, even basic? communication tools like email – the list goes on.

That’s why it’s important for small businesses to secure the applications and devices they depend on for these activities, and that doesnt mean just computers and laptops it extends to the mobile phones that employees use as well.

Whether yours is an e-commerce business that relies on a whole range of digital tools, or an organisation that’s mostly offline but uses email and social media, all small businesses need to think about cybersecurity.

The endgame is the protection of the business? assets its data and devices and the prevention of online fraud and cybercrime. To make sure that is the result, good cybersecurity measures and effective online security practices and behaviours need to be in place.

With that in mind, here are four online security measures that all businesses can take:

1. Strengthen password practices

Passwords are still the most widely used form of authentication, but they are only as secure as the diligence that sits behind them. When employees use common passwords such as consecutive numbers or the word password, they run the risk of these being easily guessed. Should that happen, it can leave applications vulnerable to hackers.

Another common mistake is reusing the same password across a range of applications. In this situation, if the log-in credentials for one application become compromised, cybercriminals could gain access to multiple others simply by trying the same password.

Shortcuts and workarounds can undermine the security of passwords and unfortunately, such practices do go on. In fact, in recent Yubico research, 43% of UK IT professionals admitted their organisation uses sticky notes to manage passwords.

Strengthening security in this area involves using only complex passwords made up of letters, numbers and symbols, avoiding obvious dates and names. Better still, use a password manager like 1Password, Dashlane or LastPass which stores and generates unique, complex passwords.

Ideally, passwords form just one line of defence as there are further measures businesses can take to protect themselves and their data.

2. Additional authentication tools

passwords extinct

Two-factor authentication (2FA) provides a higher level of security than a username and password combination alone. It works by using two separate ways to confirm a user’s claimed identity. Typically, the first check is still a password but the other can be a physical device such as an authenticator or a biometric identifier, such as a fingerprint or iris scan.

An authenticator can be an application or hardware device, such as a security key. Employees register their key with the applications and devices they use and are then asked for the key each subsequent time they log-in, for a higher level of protection for networks, applications and data.

Authentication devices can help address the problem of mobile phone security. This is an often neglected area – worryingly, 55% of UK organisations responding to research said they didnt believe necessary steps were taken to protect information on mobile phones.

3. Diligence online

A common entry point for cybercriminals targeting organisations is through links, often contained within emails, and infected content. If employees click on such links, download or open such content, they risk exposing the company’s systems to malware.



Nic Sarginson is senior solutions engineer for UKI and RSA at Yubico. An industry veteran, Nic has held a range of roles within networks and security. Throughout his career, Nic has focused on ensuring that businesses deploy secure, low friction solutions that enhance both the overall business enterprise and user experience.

Tax & admin