Small Business Security Essentials


This is our first security article, written mainly in the context of a small business, but it will hopefully contain useful information for wider audiences and individuals. It’s all too easy to be complacent when it comes to online security, but as recent news headlines have proved, and will continue to prove, the consequences of complacency can be very significant. What’s absurd is that with just a little work and common sense it’s easy to greatly reduce your chances of becoming a statistic, and by reading on, this will hopefully help you to become “IT security wise”.

In a similar way to installing a house alarm, having the right systems and software in place will help prevent attacks, and for those that slip through the net, it will either prevent or greatly reduce the damage that can be done.

Your Infrastructure


Essential Security Pointers

  • Install all system and software updates promptly.
  • Use commercial security software on all devices; free solutions are inadequate.
  • Log in using non-administrative user accounts whenever possible.
  • Monitor all system messages carefully, and contact support if you are in doubt about any alert.
  • Ensure remote work connections are secure (use HTTPS or a VPN).
  • Back up critical files regularly, and avoid using your desktop or local workspace for primary storage.

Remote Management System

We have recently implemented a remote management system to provide managed clients with centralized control and enhanced alerting capabilities. We are actively rolling this system out across all clients, along with several other infrastructure improvements.

If you are in any doubt about any of the points made or would like a free audit of your system, please get in touch before it’s too late.

Email phishing

Phishing emails are increasingly sophisticated, making it difficult for clients to determine legitimacy. Despite the rising complexity, the core identification principles remain simple.

Treat every email as non-genuine until proven otherwise. Your suspicion level should immediately rise if the answer to any of these questions is “Yes” (and even more so if multiple points apply):

  • Was the email from this company or individual unexpected?
  • Is the email inviting you to click a link, send a reply, or make a call?
  • Is there a time limit or pressure for you to take immediate action?
  • If the message appears legitimate, is the nature of the inquiry unusual or out of character?
  • Was the message delivered to your SPAM folder?
  • Does the email contain spelling mistakes or bad grammar?

If you’re in any doubt, then the ONLY action you should take is to delete the message or, better still, forward it to our [help desk](mailto:helpdesk@itstratus.co.uk?subject=Suspected phishing email).

Safe Internet Browser use

When you visit any site online, check the beginning of the URL in your browser’s address bar. Any online business worth their salt will have installed a security certificate, and the site will normally redirect your browser to the secure version, regardless of the page visited.

The important thing to take away here is that the address for the website MUST begin with ‘https://’, not ‘http://’, and MUST display a closed padlock symbol just to the left of it, in green (see Illustration). You would expect this to be the case for the whole site, although at the very least it MUST be present wherever your payment details are submitted.

If you see any other display or do NOT see the ‘https://’ prefix, then you should be looking elsewhere.

The Hidden Threat of Mobile Devices on Your Network


Mobile devices like smartphones and tablets pose a significant, often overlooked security risk. Because these devices connect directly to your internal home or business network, they frequently bypass the standard perimeter defenses that protect your systems.

The most common vulnerability is the installation of malicious mobile applications (apps). Rogue code, whether hidden in a game or disguised as a legitimate tool, can exploit this internal access to hack your systems or steal sensitive information.

You must be cautious about the software you install. Reputable platforms (Android, iOS) require developers to specify app privileges. When installing or considering a new application, always review the permissions required. Ask yourself: Why does this app need access to my contacts, GPS, or camera? Modern operating systems will prompt you for these permissions—always acknowledge these requests with care.

For users who find reviewing technical permissions challenging, installing a dedicated mobile anti-virus and security product (such as ESET Mobile Security) is strongly recommended. This solution actively attempts to protect your device from viruses and malware, providing a necessary layer of defense.

To discuss mobile security coverage, contact us today, regardless of whether IT Stratus currently manages your core system.

Secure Passwords (Not Enough)

Do any of these passwords look familiar: “password”, “december18”, “qwerty”, “123456”, “welcome”, “admin”?

Even if they don’t, far too many of us are still using common passwords and/or the same password for multiple accounts. These are not only easy to compromise but also allow a hacker to access a lot of information very quickly. Don’t become a victim: start by changing your habits today, it’s not too late.

We realise it’s not easy for most users to create not only complex passwords but also different ones for multiple accounts; however, that is a very outdated excuse for not following the advice above. Using an online Cloud service like LastPass allows you to generate complex and unique passwords and to log in to your web based accounts easily and automatically using a simple browser plugin, available for all the mainstream Web browsers like Chrome, Firefox, Safari and Internet Explorer.

MFA Multi-Factor Authentication

As a minimum, enable 2FA on as many accounts as possible. 2FA, much like most online bank logins, requires you to enter an OTP (One Time Password) in addition to your normal password, and is widely adopted by most major online sites and increasingly by many others too. Most 2FA services support several methods; one of the most widely adopted is Google Authenticator, which can be installed on most mobile devices and is free. Some services may also allow just a text message to be sent to your device with an OTP, but be aware that you’re then at the mercy of your mobile network and the speed of its delivery as well.

Review

We hope this article has helped open your eyes to just some of the important IT security practices, and in future articles we hope to highlight more ways to protect you and your business.

If you require any further information or assistance in any business IT matters, please do not hesitate to get in touch. If you would like to find out more about this subject, download security awareness posters or access tools to help with security matters, we can provide further information and support.

Useful Resources

We have more information and videos at our support portal, so please ask if you require more information.


Copyright 2025 IT Stratus Ltd. All Rights Reserved