A graphic with text that reads 90% of data leakage is caused by user mistakes


Welcome to Day 3 of Business Self-Defense from Microsoft Canada. Today, we focus on what you and your employees can do to help spot and avoid business disaster. Here are 10 don’ts to better safeguard your business.

Typically, we only hear about infamous security breaches that happen to celebrities or attacks targeting global multi-national organizations. But the reality digs much deeper. Small businesses and medium-sized businesses in Canada are just as much at risk from breaches. How much is your customer, transactional, and operational data worth to you?

43% of cyber-attacks target SMBs. And when targeted, 60% go out of business. Don’t let that happen to you! Beef up your digital security by understanding what not to do. Here are 10 security DON’Ts to protect and defend your organization.

1) Don’t click first & ask questions later

Cyber criminals are getting craftier these days. They may also use bots to write and deploy phishing scams. Sometimes, differentiating fake from genuine communication can be very difficult. Be mindful and look for the signs. Train yourself and your staff to be cautious and to AVOID:

  • opening unknown attachments
  • responding to random requests for info
  • clicking on suspicious links

It only takes hackers 4 minutes to get into a network, but 99+ days for businesses to discover they’ve been breached

Start by upgrading to the latest version of Outlook. The upgraded security features like two-step verification benefit your business.

2) Don’t use dumb passwords

If you still use passwords to secure anything, this is for you. 63 percent of passwords are weak, default, or stolen. Although the average password now contains more than eight alphanumeric characters with or without special characters like @$#&%, many small business owners and their staff use unsecured passwords.

Tip: Instead of trying to remember random letters and numbers, try using a sentence about you, e.g. IwasborninVancouverin1973.

3) Don’t rely on out-of-date tech

Just because “it still works,” doesn’t mean it’s safe. In fact, relying on an old device or outdated software can put you at risk. Your IT team has better things to do than run virus software checks or retrieve lost files.

Replace those old laptops! A small business PC ownership cost study conducted by techaisle determined that old PCs experience nearly two times the frequency of problems as newer ones.

Still running Windows 7 or an old version of Office? You’re leaving your business exposed to threats. Upgrade right now to Windows 10 and modernize your business by moving to Office 365.

4) Don’t ignore your devices

If you’ve equipped your teams with mobile devices, bravo! But don’t forget your staff’s personal devices. Most employees use their personal devices while on the job. Password-protect every phone, tablet, and laptop. Then, increase security by leveraging Microsoft’s built-in Mobile Device Management for Office 365 to allow you to lock, wipe, and reset a lost or stolen device remotely.

5) Don’t go it alone

Leverage the HUGE investment Microsoft makes in security. Store, secure, and unify your data safely behind firewalls in our cloud. SharePoint makes file sharing lightning-fast and keeps your team from using thumbnails and other devices that can get lost. Use OneDrive—Office 365’s storage service—to automatically back up your files. Decide who sees it or who edits it documents, adding another layer of protection for your data.

Watch the webinar

A screen grab from the Cyber Intelligence webinar, which features three speakers

Discover how to motivate your team to help prevent a security breach. This video-on-demand in the Modern Workplace series focuses on the human element and what you and your team can do. Link here.

6) Don’t overlook encryption

Many emails contain sensitive data and, if you’re not doing it already, it’s easy to encrypt sensitive emails using Outlook and Office 365. Looking for a one-click solution? OneDrive for business password-protect all files saved to the cloud.

7) Don’t assume your apps are safe

Backing up your files is one issue, but your apps are just as important. Day-to-day operations of many small businesses rely on inventory systems and accounting software to function every day. For mission critical applications, we recommend hosting and optimizing apps using Azure services, the Microsoft Cloud toolkit for business. Always have your go-to programs up and running.

8) Don’t forget fixes and updates

Windows 10 and Office 365 may update themselves automatically, but what about all the software you may use? Don’t trust outdated software apps, operating systems, even browsers. Keep everything as up-to-date as you can to ensure your business always stays as protected as possible.

9) Don’t just plan for the best

Even small business owners should invest the time and resources to develop a disaster recovery strategy. Microsoft Azure Site Recovery orchestrates the replication and recovery of virtual machines that are key to your business’ survival. Did you know that every 30 seconds, the Windows Server 2012 R2 replicates servers in the event of a disaster? Now that’s timely.

10) Don’t just talk about it

Emails won’t cut it. Train your employees to understand the risks and know how to recognize the signs of scams and potential breaches. Explain why it’s important and what can happen should a security breach occur. Your team has a vested interest in your business’ success. Make security part of your corporate culture.

Get expert help

Already working with a Microsoft partner? Ask them how you can improve your digital security. If you aren’t working with a partner, let us introduce you to partners in your community. Visit the Microsoft Solution Providers page to do a quick search!

Watch the webinar

A screen grab from the Cyber Intelligence webinar, which features three speakers

Discover how to motivate your team to help prevent a security breach. This video-on-demand in the Modern Workplace series focuses on the human element and what you and your team can do. Link here.