Protecting your Business from Cyber Attacks

Troy Gerrie • June 5, 2023

In today's digital age, businesses of all sizes are vulnerable to cyber attacks. Small and medium-sized businesses (SMBs) are particularly attractive targets for cybercriminals because they often lack the enterprise-grade security measures found in larger organizations, measures that have historically been considered out of reach for smaller businesses. However, with the right strategies, a layered approach to security, and access to modern tools, SMBs can significantly reduce the risk of falling victim to cyber attacks. In this article, we will discuss various measures that SMBs can implement to protect their business from cyber threats.

Secure Backup and Recovery

One of the most critical aspects of cybersecurity is ensuring secure backup, recovery and continuity of business information. Regularly backing up your data and storing it in a separate location, preferably off-site or in the cloud in an isolated fashion, can help mitigate the impact of ransomware attacks or hardware failures. By having up-to-date backups and a fool-proof Disaster Recovery plan, you can restore your business information systems rapidly to minimise downtime.

Patch Management

Keeping all software, operating systems, and applications up to date with the latest patches and security updates is essential to protect your business from known vulnerabilities. Implementing a comprehensive patch management strategy ensures that your systems are fortified against potential exploits.

Multi-Factor Authentication and Identity Management

Implementing multi-factor authentication (MFA) provides an extra layer of security by requiring users to verify their identities through multiple factors, generally via an app on the user's cell phone. This makes it significantly harder for cybercriminals to gain unauthorized access to your business systems or sensitive information. Coupled with robust identity management practices, such as conditional requirements upon sign-in, MFA enhances your overall security posture.

Device Management and Endpoint Detection and Response

As the number of devices connected to your network increases, so does the potential attack surface for cyber threats. Implementing effective device management practices helps ensure that all devices connected to your network, including employee-owned devices, adhere to security policies and are regularly updated. Endpoint detection and response (EDR) solutions provide real-time monitoring and threat detection capabilities, enabling prompt action against potential security incidents.

E-Mail Hygiene

Human error remains one of the leading causes of successful cyber attacks. Educating your employees about cybersecurity best practices is a crucial first-layer defence in reducing the risk of falling victim to phishing attempts, social engineering, or other forms of manipulation. Regular security awareness training sessions can help employees recognize and report suspicious activities, strengthen password hygiene, and develop a security-conscious mindset.

Firewall and LAN Management

Securing your business's email infrastructure is crucial for preventing email-based attacks. Implementing the Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) protocols are some of the strategies that can help authenticate and verify incoming and outgoing emails, reducing the risk of email spoofing, phishing, and other email-based threats.

Password Management

Weak and reused passwords are a significant security vulnerability. Encourage your employees to use strong, unique passwords and implement a password management policy. Consider utilizing password management tools or password vaults to securely store and manage passwords.


Securing your business from cyber attacks is an ongoing process that requires a layered approach to address various vulnerabilities. By implementing secure backup and recovery practices, effective patch management, multi-factor authentication, device management, security awareness training, email hygiene, firewall and LAN management, and password management, SMBs can significantly enhance their cybersecurity posture. Remember, security is a journey, not a destination. Stay vigilant, adapt to evolving threats, and regularly review and update your security measures to protect your business from the ever-growing cyber threat landscape.


More information on the security critical 8 and what's involved.
