Book review: A Practical Guide to Cyber Security for Small Businesses, by Nick Ioannou

A trove of tips and tricks for securing a small firm on a budget

The job of protecting a small business against cyber attacks is an important one, but it's not rocket science. Nevertheless, there are numerous factors to consider and many bases to cover. It can be time-consuming, fiddly and the job's never done. And, of course, there's a lot that can go wrong.

Small businesses live in a world dominated by cash flow and the bottom line, where precautionary measures that generate no immediate return on investment tend to fall down the list of priorities, and where wishful thinking might suggest spending is unnecessary.

‘Why do we need cyber security? The criminals aren't interested in us,' is a common refrain. ‘We have nothing of value to anyone else. We are okay; we don't do much online.'

This concise guide begins by dismantling such comforting beliefs. Every small business has a bank account and customers and is therefore of interest; many attacks are automated, and bots don't 'care' who you are; and a single ransomware attack could put vital records permanently out of reach. Sadly, many small businesses never recover from a serious cyber attack.

The main excuse for inaction is lack of funds. Indeed, cyber security measures can be expensive, particularly if a small firm goes along with the default options offered by vendors. But for the savvy buyer, there are myriad low-cost or even free options that together can provide the overlapping strength-in-depth defences that will make an attacker's job a lot harder - all for the price of a cup of coffee per user per week.

Author Nick Ioannou is head of IT at a small business and has spent many years blogging about the practicalities of managing IT on a budget. "I'm always looking for what I call the ‘VW Golf sweet spot' where there is a good balance of price, performance and reliability," he writes.

This philosophy to the fore, Ioannou guides the reader through the seven key pillars of cyber security: antivirus; patch management; email filtering; web filtering; admin privilege; access control; and backups, looking at the choices available for each one.

"By covering all seven areas, you will create a layered security strategy just by virtue of the fact that there is a certain amount of overlap from the security solutions for each area," he notes. It doesn't matter which layer stops an attack, so long as one of them does. The important thing is not to leave any gaps.

Advice is practical and light on technical jargon, which should suit the small business audience where IT security will likely be the remit of a generalist rather than a specialist.

Ioannou imparts some sage advice on the people and process aspects, including security awareness training and the vexed problem of password policy.

On the technology front, he offers a number of recommendations for specific products and services in each of the seven areas, but rather than going into depth about the relative pros and cons of each (after all, things change) Ioannou provides checklists of factors to look out for along with numerous links to independent resources where more detail can be found. In this way the book manages to cover a lot of ground in a short read without skimping on the fundamentals.

Ioannou is strong on the 'gotchas' and tradeoffs that less experienced IT managers might overlook: being in the cloud doesn't mean you can dispense with backups, for example.

With its end-to-end coverage of the cyber security basics as well as the many money-saving tips on offer, A Practical Guide to Cyber Security for Small Businesses should provide ample ammunition for the IT manager requesting a budget for cyber - the author offers advice on selling security to management too.

There will be some who might think the cover price a little steep for 70 pages, but £20.00* is six cups of coffee and it's hard to imagine a small business that would not benefit disproportionally from the distilled practical wisdom to be found here.

*Addendum: The publisher informs us that the cover price of this book is now £14.95.

A Practical Guide to Cyber Security for Small Businesses, Nick Ioannou, ITSM Shop Ltd