Protecting your Business from Cyber Attacks

Troy Gerrie • June 5, 2023

In today's digital age, businesses of all sizes are vulnerable to cyber attacks. Small and medium-sized businesses (SMBs) are particularly attractive targets for cybercriminals due to the lack of enterprise-grade security measures which are historically considered out-of-reach compared to larger organizations. However, with the right strategies and a layered approach to security and access to modern tools, SMBs can significantly reduce the risk of falling victim to cyber attacks. In this article, we will discuss various measures that SMBs can implement to protect their business from cyber threats.

Secure Backup and Recovery

One of the most critical aspects of cybersecurity is ensuring secure backup, recovery and continuity of business information. Regularly backing up your data and storing it in a separate location, preferably off-site or in the cloud in an isolated fashion, can help mitigate the impact of ransomware attacks or hardware failures. By having up-to-date backups and a fool-proof Disaster Recovery plan, you can restore your business information systems rapidly to minimise downtime.

Patch Management

Keeping all software, operating systems, and applications up to date with the latest patches and security updates is essential to protect your business from known vulnerabilities. Implementing a comprehensive patch management strategy ensures that your systems are fortified against potential exploits.

Multi-Factor Authentication and Identity Management

Implementing multi-factor authentication (MFA) provides an extra layer of security by requiring users to verify their identities through multiple factors, generally via an App on the users Cell phone. This makes it significantly harder for cybercriminals to gain unauthorized access to your business systems or sensitive information. Coupled with robust identity management practices, such as Conditional requirements upon sign-in, MFA enhances your overall security posture.

Device Management and Endpoint Detection and Response

As the number of devices connected to your network increases, so does the potential attack surface for cyber threats. Implementing effective device management practices helps ensure that all devices connected to your network, including employee-owned devices, adhere to security policies and are regularly updated. Endpoint detection and response (EDR) solutions provide real-time monitoring and threat detection capabilities, enabling prompt action against potential security incidents.

E-Mail Hygiene

Human error remains one of the leading causes of successful cyber attacks. Educating your employees about cybersecurity best practices is crucial first-layer defence in reducing the risk of falling victim to phishing attempts, social engineering, or other forms of manipulation. Regular security awareness training sessions can help employees recognize and report suspicious activities, strengthen password hygiene, and develop a security-conscious mindset.

Firewall and LAN Management

Securing your business's email infrastructure is crucial for preventing email-based attacks. Implementing Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) protocols are all some strategies can help authenticate and verify incoming and outgoing emails, reducing the risk of email spoofing, phishing, and other email-based threats.

Password Management

Weak and reused passwords are a significant security vulnerability. Encourage your employees to use strong, unique passwords and implement a password management policy. Consider utilizing password management tools or password vaults to securely store and manage passwords.


Securing your business from cyber attacks is an ongoing process that requires a layered approach to address various vulnerabilities. By implementing secure backup and recovery practices, effective patch management, multi-factor authentication, device management, security awareness training, email hygiene, firewall and LAN management, and password management, SMBs can significantly enhance their cybersecurity posture. Remember, security is a journey, not a destination. Stay vigilant, adapt to evolving threats, and regularly review and update your security measures to protect your business from the ever-growing cyber threat landscape.


More information on the security critical 8 and what's involved.

Recent Posts

From small town to big security, with the ASD Essential 8

May 29, 2025
Cybercrime is on the rise in New Zealand, with CERT NZ recording $6.8M in reported financial losses in Q4 2024 alone. For small-town businesses, the stakes are even higher. That’s why we have adopted the Australian Signals Directorate (ASD) Essential 8 framework to enhance its cybersecurity practices.

MCI & Associates and Yorb: A journey from support to strategy

April 10, 2025
MCI & Associates is an accountancy firm with over 45 employees across offices in Dannevirke and Pahiatua. The practice services a diverse range of clients, including those in the farming and commercial sectors, and its core services include tax preparation, business advisory and planning, and general accounting. The relationship between Yorb and MCI goes back over three decades to when both companies were in their formative stages. The trust-based relationship has endured and evolved as each business has grown and matured - going through name and ownership changes.

Cyber security in small-town NZ: why it’s time to pay attention

March 26, 2025
If you think cybercriminals only go after big corporations in major cities, think again.  The majority of incidents recorded by the NCSC impact individuals and small to medium businesses, proving that cyber threats don’t discriminate based on location - they target opportunity. With over 23,000 reports to the Netsafe helpline, and $17.8M in losses reported last year, small-town businesses are very much in the spotlight. In the past few months alone, three local accounting firms in regional New Zealand have suffered a data breach,and local ISP - Inspire was recently the target of a malicious cyber attack.