IT Security for Small Businesses 2018

How to protect your business in 2018.

Most modern businesses use some form of IT system, networks, servers or computer equipment to store and send vital business information: customer quotes, contact details, payment information, invoices etc. While this kind of technology is the key to maintaining an efficient, effective and competitive operation, it also leaves them vulnerable to criminal cyber attacks. In addition, imminent changes to Data Protection legislation in the EU and UK mean your business is at significant financial risk if your IT systems are not adequately protected.

The Threat of Cyber Criminals

Every business has key information about customers, partners, staff, finances etc. If this sensitive information falls into the wrong hands it can be used to steal or extort money or commit fraud such as identity theft. Small businesses are particularly vulnerable to this kind of attack as criminals expect them to use old IT systems with very little protection, making them a prime target.

Another possible tactic criminals may use is called ‘phishing’. They will send emails or create links on websites encouraging you or your employees to click on them. These links will take you to sites that may appear legitimate but are actually designed to steal personal and/or business information.

General Data Protection Regulation (GDPR)

From 25th May 2018 the new GDPR will come into force across the EU and UK. Essentially, this means that the law around Data Protection is getting stricter and the consequences of being non-compliant are more severe than ever. The new regulations are intended to improve the protection and privacy around an individual’s personal data. If your business is found to be inadequately protected, using insecure processes or suffers a security breach, fines can be as much as £17 million (€20 million) or 4% of your annual turnover.

How can you improve your IT security?

There are lots of security measures which will make your business’ IT system more secure, but the best place to start is with high quality security software for your computers. This software will protect against viruses, spam and Trojan horses, and will detect phishing or hacking attempts. It should also include a server-based firewall program to monitor your Internet connections and encryption technology.

There are free antivirus packages available, but for businesses with more than around 8 IT systems it is definitely worth investing in a more substantial security software package. Here are 5 of the leading programs on the market.

Best IT Security Software


| Software | Platforms | Features | Users | Licence Period | Trial Period |
| --- | --- | --- | --- | --- | --- |
| Avast Endpoint Protection Advanced | Windows | Antivirus, browsing protection, remote management | 1-100 | 1-3 years | 30 days |
| Symantec Endpoint Protection | Windows, Windows Server, macOS, Linux, Virtual Environments | Antivirus, browsing protection, firewall, application control, device control, remote management | 1-350 | 1-3 years | 60 days |
| Bitdefender GravityZone Business Security | Windows, macOS, Linux | Antivirus, browsing protection, firewall, device control, user control, remote management | 3-50 | 1-3 years | 30 days |
| Avira Antivirus for Endpoint | Windows | Antivirus, browsing protection, baseline network protection, remote management | 3-10,000 | 1-3 years | 30 days |
| Kaspersky Endpoint Security Cloud 1.0 | Windows, Windows Server, iOS, Android | Antivirus, browsing protection, firewall, device and web controls, remote management | 10-150 | 1-3 years | 30 days |


Avast Endpoint Protection Advanced
An easy to use program which offers real value for money if your business will be adequately protected by core antivirus, browsing protection and remote management for PCs. It is a little lacking in features but you could opt for the slightly more expensive (but still good value) Endpoint Plus which also includes firewall, spam filter and server protection.
Symantec Endpoint Protection
This program is at the pricier end of the scale but offers sophisticated protection for both servers and desktops. This software will run on PCs, Macs, Linux distros and many virtual environments but not mobile devices. Other key features include the company’s Insight file reputation technology (which detects and blocks even the very latest undiscovered threats) as well as antivirus, behaviour monitoring, intrusion protection, a firewall, and the ‘Power Eraser’ to remove stubborn threats and repair your system.
Bitdefender GravityZone Business Security
This program is widely renowned for superior malware detection, removal, performance and ease of use. It is managed from a central console enabling you to monitor remote users and even adapt access permissions when users are outside the company. Automated features include anti-malware, URL filtering, firewall and web advisor but it’s also highly customisable.

Avira Antivirus for Endpoint
A great choice for small businesses, Avira offer an easy to use product for Windows operating systems only. It includes all the key features such as antivirus, baseline network protection, web filtering, file server protection and optimisation, plus application whitelisting and blacklisting. The online web console enables you to manage your devices and includes a range of mobile phone tools (anti-theft, phone finder, and more).
Kaspersky Endpoint Security Cloud 1.0
This software will protect both PCs and mobile devices, including Windows PCs, file servers, Android and iOS devices. It includes antivirus, antispam, a firewall and more for desktops as well as a range of tools to detect insecure devices, control password rules, manage camera use, filter unwanted calls and texts, and remotely lock or wipe data from lost devices. It is managed via a simple web console where you can adjust internet access policies, device settings and more.

More IT Security Tips

The National Cyber Security Centre’s latest guidance on Cyber Security was published in November 2017. To help you identify what you could be doing to make your IT systems more secure, we’ve summarised the 5 key points here.

Backup your data

Identify the essential and sensitive data which your business needs in order to operate, or which would constitute a security breach if compromised. This information should be backed up to ensure that in the event of theft, flood, fire or physical damage it can be recovered. This also acts as an insurance policy against ransomware attacks. Routine backups can be made to a USB stick, separate drive or computer, or Cloud storage which isn’t accessible to staff or connected to the network holding the original data.

Protect against malware

In addition to installing the security software we’ve already talked about, there are other ways to prevent a cyber or malware attack on your IT system. Your staff should not be downloading apps or software from unauthorised sources and should only have the level of access / permissions which are appropriate to their role. All equipment and software should be as up to date as possible as the latest versions will have the most sophisticated security measures. Use of USB sticks and memory cards should be strictly monitored. Finally, assuming you have a firewall included in your security software, make sure this is turned on.

Make smartphones and tablets safe

If your business uses devices like smartphones or tablets they also need to be protected, especially if they are used outside your premises. PIN codes, passwords and / or fingerprint recognition should all be used as standard. You should be able to track, lock and wipe devices remotely in case they are lost or stolen. Make sure they are set to automatically update to the latest software and, if possible, the latest model to ensure they have the best security features available. Don’t connect to unknown hotspots or WiFi connections as you can’t be sure who else is using the same network and could be accessing your data.

Optimise password protection

Passwords are a simple, free but effective way to protect your data. All your devices should be protected by a password or PIN code and, if possible, fingerprint recognition. Ideally, a two-factor authentication system is best for your most critical information. It’s tempting to do, but avoid settling for default, simple or predictable passwords and don’t use a universal password for all your systems.

Avoiding phishing attacks

Phishing emails are becoming more sophisticated and trickier to identify so it’s really important all your IT users are vigilant and cautious. Unfortunately you can’t eliminate the risk altogether, but you can minimise it by restricting the access lower-level users have and limiting internet access. Make sure your staff are trained in how to spot out-of-the-ordinary requests for information and red flags for potential phishing attempts, and to voice anything suspicious to their manager. Stay up to date with the latest scams and phishing techniques. If you are subject to a data breach, you are legally obliged to inform the ICO (Information Commissioner’s Office) within 72 hours.

For the full guidance from the National Cyber Security Centre visit their website.