Steve Ross: Why anti-virus software isn't enough

Every small business should take cyber-security seriously, but protecting yourself means more than just installing anti-virus software.

Shackleton Technologies managing director Steve Ross. Picture: Contributed
Shackleton Technologies managing director Steve Ross. Picture: Contributed

It’s a mistake to assume only enterprise organisations need to worry about cyber-threats. Government research from 2015 shows that 74 per cent of small business organisations suffered a security breach, suggesting SMEs are starting to be seen as “easy” targets.

Most small business owners understand the need for cyber-protection but assume anti-virus will be enough to shield their organisation – unfortunately, your network can be compromised in a number of ways beyond the catch-all term “virus”. If you want to avoid the damage those attacks can cause, you’ll have to prepare for a range of eventualities.

Sign up to our daily newsletter

What anti-virus does – and doesn’t do

Anti-virus software is useful for protecting against known threats. It uses a database to recognise malicious files, dangerous URLS and other risk issues – and can alert you and quarantine them before they infect your network.

But new iterations of viruses emerge constantly, presenting threats which antivirus software is unprepared to handle. New hacking and phishing strategies also spring up, each designed to target potential weak points in your IT network.

The moral of the story: think multi-dimensionally about cyber-security.

Cyber-security measures

So, beyond antivirus, what cyber-security measures should your small business take?

Update strategy: Security loopholes in software platforms are discovered frequently – and exploited by hackers. Keeping your IT network updated regularly ensures any loopholes are closed at the earliest possible opportunity.

Email filtering: Email attacks come in a number of different guises, from ransomware to phishing, so stopping these threats before they reach your mail server and email inbox are a must.

Web filtering: The internet is another major threat from attacks, from malicious advertising on legitimate sites which look to infect your device to known websites that are infected the threats are increasing. Implementing web filtering should always be considered.

Router/Firewall: For any business, their router or firewall is the gateway to the outside world – ensuring your business is protected by a business-class device which meets your individual needs is key.

Wireless: Most businesses have a wireless network of some sort but by allowing both business, non-business and guest devices the overall risk to your business IT network is increased. Implementing a separate guest network and restricted business wireless networks reduces the overall security concern.

Secure remote working: Opening up your business IT network to allow remote access is always going to increase the attack surface, but ensuring any implemented solution is as secure as possible minimises the overall risk.

Education and training

Ultimately, your cyber-security measures are only as good as your and your employees’ ability to use them. The range of threats on the cyber-security landscape means the best protection is actually your own employees.

Everyone in your organisation should understand basic cyber-security protocol: logging off devices, changing passwords, identifying phishing emails and malicious links, and understanding how to handle company and client data.

The better your company understands its own security, the easier it will be to avoid and handle the threats it faces.

• Steve Ross is managing director of Shackleton Technologies