Cybersecurity for Small Businesses: Insights and Advice from Xero’s Mark Knowles

Cybersecurity for Small Businesses: Insights and Advice from Xero’s Mark Knowles
Image Courtesy: Xero

In a compelling interview with CanadianSME Small Business Magazine, Mark Knowles, General Manager of Security Assurance at Xero, offers his expert insights on the critical role of cybersecurity for small businesses. With cyber threats growing in sophistication, Mark emphasizes the need for robust security measures tailored to the unique challenges of SMEs. Drawing from his extensive experience, he discusses how Xero is helping businesses stay secure in the digital age and highlights the findings from Xero’s Small Business Insights report, which underscores the financial literacy and cybersecurity challenges that Canadian small businesses face today.

Mark Knowles is an experienced cybersecurity professional with over 30 years of business and management experience. Currently serving as the General Manager of Security Assurance at Xero, a technology company that provides cloud-based accounting software for small businesses, he leads security education, risk and compliance initiatives, consultancy, and data governance and AI on a global scale.

Mark’s career has spanned diverse sectors including finance, government and telecommunications, holding key security leadership roles spanning the technology, banking, insurance and telecommunications industries as well as in the public sector. Mark is passionate about making the world a safer place.


Cybersecurity is a pressing concern for small businesses today. What are some of the most common cyber risks that small businesses face, and how can they effectively identify these threats?

Cybercriminals are conducting new attacks roughly once every 39 secondsand in an increasingly digital age, small businesses are becoming more and more vulnerable to the threat of cybercrime. 

Recently, there has been a particular increase in supply chain attacks targeting small businesses. However, bad actors are continuously adapting their attack techniques to leverage the latest technologies, including the use of AI and even deep fakes to carry out more sophisticated cyberattacks. 

Unfortunately, as cyberattacks become more complex, they can be more challenging to identify, which is why it’s important for small businesses to prioritize strong cybersecurity measures, including defense protocols, anti-phishing tactics, and employee cybersecurity training, to ensure their sensitive data stays protected.

Image Courtesy: Canva

With so many cybersecurity tools available, what are the top four steps that small businesses can take to protect themselves from cybercriminals?

As small businesses become increasingly vulnerable to attacks, it’s more important than ever to get the cybersecurity basics right. The good news is, building strong cybersecurity defenses can start with a few simple steps. Four ways that small businesses can protect themselves are: 

  • Strengthening their first line of defense: This means doubling down on security basics like password management and multi-factor authentication and working with service providers that prioritize security (more on that below).
  • Educating employees on the importance of strong cyber hygiene: Even some of the most advanced cyberattacks are still toothless if employees know enough to pause, think critically about the message, and react appropriately if something doesn’t seem right. Make sure staff understand cybersecurity risks and protocols.
  • Getting up to speed on deep fakes: Cybercriminals can use deepfakes to impersonate executives, clients, or even government officials. Train your team to look for signs of deep fakes, like poor lip syncing and inconsistent eye blinking.
  • Staying informed and establishing reporting procedures: Work to establish a culture where employees understand the threats and feel comfortable and confident reporting unusual or suspicious activity. 

Small businesses often have limited resources for cybersecurity. What are some affordable or low-cost cybersecurity basics that can serve as a strong first line of defense?

Employees can often be the weakest spot in even the most cybersecure business, so it’s important to ensure basic cyber hygiene processes are in place. Some of the cybersecurity basics that can serve as a strong first line of defense include:

  • Password Management: Strong passwords are the foundation of a small business’ online security. We also recommend using long, unique passwords for each account and considering a secure password manager to keep track of them. 
  • Multi-Factor Authentication (MFA): Using MFA provides an added layer of protection by requiring additional verification (like a login code sent to your phone).
  • Secure Services: It’s important to work with reputable product and service providers that prioritize security. When selecting a supplier, look for certifications like ISO and SOC2 compliance. 
Image Courtesy: Canva

Employee awareness is key in preventing cyber threats. How can employers effectively educate their staff to safeguard the business against potential cybercrime?

One way cybercriminals can exploit small businesses is by targeting employees, whether it be through phishing attacks or social engineering attacks, where the objective is to trick employees into doing something they shouldn’t.  

With that in mind, it’s important for small business owners to educate their teams using a zero trust approach (“never trust, always verify”) with verification protocols baked into every stage of the process. Employees should also understand how to identify and report phishing attempts, review suspicious emails and spot deep fakes.


For small business owners eager to improve their cybersecurity but unsure where to begin, what are the first steps you would recommend to them?

Implementing cybersecurity procedures can feel like a massive undertaking when you aren’t sure where to begin, especially for small businesses where funds for cybersecurity solutions are tight. However, maintaining strong cybersecurity practices doesn’t necessarily mean investing in super complex or expensive systems – the easiest and most effective solutions are often free or low-cost. Make sure your business’ basic cybersecurity defenses are in check: update your passwords, apply MFA and zero trust procedures, and avoid working with product or service providers who aren’t security compliant. Next, ensure your teams understand the potential risks, feel comfortable identifying a potential attack and are prepared to act when they notice suspicious activity or if something goes wrong.

Cybersecurity is everyone’s responsibility, but by following a few basic tips and staying vigilant, small businesses can greatly reduce their risk of falling victim to cybercrime.

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.