Kinyarwanda version

Small businesses are targets for cybercriminals as they have less resources than larger businesses, and in most cases less sophisticated cybersecurity, whilst still hosting important client data and financial capital.

Through the adoption of some best practices that require little or zero financial resource, small businesses can help protect themselves from malicious actors and potential cyberattacks.

1. Conduct regular training programs for your employees

Training staff well can mean your whole team is aware of the latest cybersecurity risks and able to sufficiently respond in such situations.

Seek capacity building for your employees through training applications, awareness workshops and if feasible, cybersecurity certifications.

2. Install antivirus or endpoint protection software

By installing antivirus or endpoint protection software on your work devices, even if employees were to work remotely, they can still initiate regular scans of their device and scan all attachments and downloaded software, so as to prevent running malicious content.

3. Use a firewall

A firewall acts as a digital shield preventing outsiders from accessing data on a private network. Ensure that work devices have their operating systems firewall enabled, or download and install firewall software online from reputable and official vendors.

4. Update your software

With all the devices you use within your business, applying software updates will help to fix newly discovered bugs and security holes that could leave them vulnerable targets to malicious actors. Ensure software updates are applied as immediately as they become available.

5. Secure your router

An unsecured WI-FI network leaves your business vulnerable to attacks that aim to steal company data or money.

To secure your WI-FI router:

• Move your router to a physically secure location to restrict access

• Change the WI-FI password regularly and make it strong and unique

• Change the network name so that it is harder to identify

• Update your firmware and software

• Double-check your router uses WPA2, the most secure and commonly used encryption method

6. Use multi-factor authentication

Passwords are no longer enough to ensure business logins are secure.

Apply multi-factor authentication to your business logins so that all logins require an additional piece of information to verify your identity. This makes it harder for a malicious actor to gain access to sensitive business information.

7. Perform risk assessment

A cybersecurity risk assessment is critical for determining whether or not your business is prepared to defend against a range of cybersecurity threats.

Depending on the risk assessment framework you choose to adopt, your business will identify, analyze, evaluate, prioritize, treat and monitor risk, so that you are aware of potential treats and the processes for your business to respond.

8. Regularly backup your data

Regular backups mean you have additional copies of your data outside of your business network. In the case of a breach, these backups can offer a solution towards company data that has been lost or made inaccessible by malicious actors.