Cybersecurity for Small Businesses: Insights and Advice from Xero’s Mark Knowles


In a compelling interview with CanadianSME Small Business Magazine, Mark Knowles, General Manager of Security Assurance at Xero, offers his expert insights on the critical role of cybersecurity for small businesses. With cyber threats growing in sophistication, Mark emphasizes the need for robust security measures tailored to the unique challenges of SMEs. Drawing from his extensive experience, he discusses how Xero is helping businesses stay secure in the digital age and highlights the findings from Xero’s Small Business Insights report, which underscores the financial literacy and cybersecurity challenges that Canadian small businesses face today.

Mark Knowles is an experienced cybersecurity professional with over 30 years of business and management experience. Currently serving as the General Manager of Security Assurance at Xero, a technology company that provides cloud-based accounting software for small businesses, he leads security education, risk and compliance initiatives, consultancy, and data governance and AI on a global scale.

Mark’s career has spanned diverse sectors, including finance, government and telecommunications. He has held key security leadership roles across the technology, banking, insurance and telecommunications industries as well as in the public sector. Mark is passionate about making the world a safer place.


Cybersecurity is a pressing concern for small businesses today. What are some of the most common cyber risks that small businesses face, and how can they effectively identify these threats?

Cybercriminals are conducting new attacks roughly once every 39 seconds, and in an increasingly digital age, small businesses are becoming more and more vulnerable to the threat of cybercrime. 

Recently, there has been a particular increase in supply chain attacks targeting small businesses. However, bad actors are continuously adapting their attack techniques to leverage the latest technologies, including the use of AI and even deep fakes to carry out more sophisticated cyberattacks. 

Unfortunately, as cyberattacks become more complex, they can be more challenging to identify, which is why it’s important for small businesses to prioritize strong cybersecurity measures, including defense protocols, anti-phishing tactics, and employee cybersecurity training, to ensure their sensitive data stays protected.


With so many cybersecurity tools available, what are the top four steps that small businesses can take to protect themselves from cybercriminals?

As small businesses become increasingly vulnerable to attacks, it’s more important than ever to get the cybersecurity basics right. The good news is, building strong cybersecurity defenses can start with a few simple steps. Four ways that small businesses can protect themselves are: 

  • Strengthening their first line of defense: This means doubling down on security basics like password management and multi-factor authentication and working with service providers that prioritize security (more on that below).
  • Educating employees on the importance of strong cyber hygiene: Even some of the most advanced cyberattacks are still toothless if employees know enough to pause, think critically about the message, and react appropriately if something doesn’t seem right. Make sure staff understand cybersecurity risks and protocols.
  • Getting up to speed on deep fakes: Cybercriminals can use deepfakes to impersonate executives, clients, or even government officials. Train your team to look for signs of deep fakes, like poor lip syncing and inconsistent eye blinking.
  • Staying informed and establishing reporting procedures: Work to establish a culture where employees understand the threats and feel comfortable and confident reporting unusual or suspicious activity. 


Small businesses often have limited resources for cybersecurity. What are some affordable or low-cost cybersecurity basics that can serve as a strong first line of defense?

Employees can often be the weakest spot in even the most cybersecure business, so it’s important to ensure basic cyber hygiene processes are in place. Some of the cybersecurity basics that can serve as a strong first line of defense include:

  • Password Management: Strong passwords are the foundation of a small business’ online security. We also recommend using long, unique passwords for each account and considering a secure password manager to keep track of them. 
  • Multi-Factor Authentication (MFA): Using MFA provides an added layer of protection by requiring additional verification (like a login code sent to your phone).
  • Secure Services: It’s important to work with reputable product and service providers that prioritize security. When selecting a supplier, look for certifications like ISO and SOC2 compliance. 

Employee awareness is key in preventing cyber threats. How can employers effectively educate their staff to safeguard the business against potential cybercrime?

One way cybercriminals can exploit small businesses is by targeting employees, whether it be through phishing attacks or social engineering attacks, where the objective is to trick employees into doing something they shouldn’t.  

With that in mind, it’s important for small business owners to educate their teams using a zero trust approach (“never trust, always verify”) with verification protocols baked into every stage of the process. Employees should also understand how to identify and report phishing attempts, review suspicious emails and spot deep fakes.


For small business owners eager to improve their cybersecurity but unsure where to begin, what are the first steps you would recommend to them?

Implementing cybersecurity procedures can feel like a massive undertaking when you aren’t sure where to begin, especially for small businesses where funds for cybersecurity solutions are tight. However, maintaining strong cybersecurity practices doesn’t necessarily mean investing in super complex or expensive systems – the easiest and most effective solutions are often free or low-cost. Make sure your business’ basic cybersecurity defenses are in check: update your passwords, apply MFA and zero trust procedures, and avoid working with product or service providers who aren’t security compliant. Next, ensure your teams understand the potential risks, feel comfortable identifying a potential attack and are prepared to act when they notice suspicious activity or if something goes wrong.

Cybersecurity is everyone’s responsibility, but by following a few basic tips and staying vigilant, small businesses can greatly reduce their risk of falling victim to cybercrime.

CanadianSME
With an aim to contribute to the development of Canada’s Small and Medium Enterprises (SMEs), Cmarketing Inc is a potential marketing agency and a boutique business management company progressing rapidly in its scope. By acknowledging a firm reliance of the Canadian economy on its SMEs, the agency has resolved to launch a magazine, the pure focus of which will be the furtherance of Canadian SMEs, and to assist their progress with the scheduled token of enlightenment via the magazine’s pertinent content.