Almost every week, we hear news of another cyber attack on a big firm.
Customer details stolen. Financial information swiped. Reputations ruined.
From Yahoo and eBay to Marriott and Sony, there’s no shortage of high-profile cyber crime stories.
So, you could be forgiven for thinking that cyber criminals are only interested in global companies with millions of customers.
But the reality is, small and medium businesses are at risk too and countless smaller organisations are attacked every day. Of course, these stories are not so newsworthy so we don’t get to hear about them. That doesn’t mean they aren’t happening.
Could your business survive a cyber attack?
What would happen if your business became the next victim of a cyber attack? Would it bring operations to a halt for hours, days or longer? Would it mean the loss of crucial company data, or even worse the theft of customer data? Could your business recover?
The fallout from a cyber attack could make it impossible to continue operating and you could face huge fines for failing to protect your customers.
You may already have software installed to combat viruses and attacks but if you don’t also implement cyber security best practices into your business, no amount of innovative products will protect you.
Why cyber criminals attack small and medium-sized businesses
Small and medium-sized businesses are easy prey for cyber criminals. They know businesses of this size are less likely to have sophisticated cyber security strategies in place, compared to larger companies.
So although they might get a thrill from taking down the giants, it’s often easier and more lucrative for criminals to focus on the smaller businesses.
The UK Government’s Department for Digital, Culture, Media & Sport carried out a survey to measure how UK organisations approach cyber security and the impact of security breaches on businesses.
The survey, conducted by Ipsos MORI, found that:
- 60 per cent of medium firms and 31 per cent of small businesses have identified breaches or attacks
Among those identifying breaches and attacks:
- 23 per cent of medium firms and 19 per cent of small businesses lost files or network access
- 12 per cent of medium firms and 9 per cent of smaller firms had software or systems corrupted or damaged
- 10 per cent of both medium and small businesses had their website slowed or taken down
So given the risks, what are business owners doing to protect themselves from cyber attacks?
Well, the positive news is that organisations are increasingly taking a proactive approach, putting systems and procedures in place to safeguard their future.
The research showed:
- 92 per cent of medium companies and 78 per cent of smaller businesses say cyber security is a high priority
- 71 per cent of medium firms and 32 per cent of smaller businesses have cyber security policies in place
If you haven’t made cyber security a priority yet, it could be for a number of reasons.
Perhaps you feel your organisation isn’t big enough to be a target. Maybe you don’t have the internal resources to create cyber security strategies. Or perhaps you simply don’t know where to start.
The good news is, no matter what size your business and no matter what your current approach to cyber security is, there are easy steps you can take right now to help protect your business.
Even if you don’t have your own in-house IT expert, you can still get access to cyber protection through an IT support company. A good provider will be able to offer all the tools, resources and support you need to safeguard your organisation.
The important thing is, if you want your business to be trading successfully in the future, it’s crucial to protect yourself from cyber criminals today.
Here are eight cyber security tips to help protect your business:
1. Policies, documentation, training
Would your staff know what to do if they received a phishing email? Are they creating safe passwords? Do they know what information is okay to include in an email?
Cyber security affects everyone in your business, no matter what their level or job role, so it’s important to document procedures and involve everyone in training.
Creating a company policy to cover all aspects of cyber security means your staff will know exactly what’s expected of them and what to do if things go wrong.
Once you’ve created a cyber security policy, use regular staff training to keep your teams up-to-date and include the policies within your staff handbook or online staff portal.
If staff leave, ensure their access to systems is removed straight away and change any passwords they have previously held. This is particularly important if they haven’t parted on good terms.
2. Mobile devices
Mobile devices have made flexible working so much easier by allowing employees to access email and files, even when away from the office.
But with this increased freedom comes increased risk. Think about what data you want your staff to be able to access outside the office environment and what needs to be more secure.
Consider the risks if devices are lost or stolen. When staff leave, have plans in place to ensure they’re not still able to access sensitive data on mobile devices. There is often a blur between personal and work devices – so make sure you know what people have access to.
3. Smart password strategies
Many data breaches occur simply due to weak passwords. But creating strong passwords is one of the easiest steps you can take to protect your business.
Implement and document a company password policy to ensure all passwords created within your business are strong and safe.
Current best practice recommends creating complex passwords with a combination of upper and lowercase letters, numbers and symbols. In addition, all passwords should be changed every 60 to 90 days.
Sometimes a password on its own might not be enough. You should also consider multi-factor authentication. This means the user has to enter a password and also complete another action to gain access, such as typing in a code sent to their mobile phone.
4. Robust back-up processes
Having strong back-up processes in place will help protect you from ransomware attacks. This is when criminals block access to your data and demand a payment before reinstating access.
If you haven’t backed up your files, you might feel there is no choice other than to meet the criminal’s demands.
But back-up isn’t just about protecting your business from cyber attacks. By backing up your files in a separate location, you’ll also safeguard your data in case of fire or flood.
Remember to create back-ups for data stored in the cloud and check back-ups regularly to ensure they are updating correctly.
5. Protect customer data
If you handle customers’ personal data, such as email addresses, telephone numbers or credit card information, it’s essential you take steps to protect it.
A breach that results in the theft of customer data could ruin your organisation’s reputation forever.
As well as being best practice, as a business owner you also have a legal responsibility to protect customer data.
You should assess the information you hold and take the necessary steps to protect it. This could mean encrypting customer data – or using a third-party payment provider such as PayPal or Google Pay. This way, you’ll never need to store your customers’ payment details.
When assessing the risks around storing customer data, remember to consider the Data Protection Act and GDPR. Both of these apply to businesses of all sizes and if you fail to comply with the regulations, you could receive a large fine – or claims for damages from customers.
Make sure you understand the laws and have policies and procedures in place to ensure you’re complying with the latest regulations.
Did you know?
You’re required to report personal data breaches to the ICO (the Information Commissioner’s Office) within 72 hours of discovery.
6. Install anti-malware software
It can be easy for staff to be taken in by phishing emails and if they click a link in a malicious email, malware can be installed on your employee’s computer. Once it’s embedded on computers or on your network, malware can cause serious disruption to your business.
Anti-malware software will help protect your business even if an employee unwittingly clicks on a dangerous link. Of course, while it makes sense to install anti-malware software, it’s only really useful when used alongside other cyber security best practices covered in this list.
7. Network security
It’s important to ensure that your networks are protected from attack by preventing unauthorised access.
A firewall is one of the best defences against cyber criminals and acts as a barrier between your network and the crooks. Your firewall should inspect all incoming AND outgoing traffic to ensure interaction with the outside world is safe.
8. Talk to the experts
While there are lots of things you can do yourself, it pays to get professional IT cyber security advice for your small to medium business.
Even without your own IT department, an IT support company will be able to provide ongoing support and cyber security best practices to help keep your business safe.
At Netstar, we can help you with all aspects of cyber security. We’ll begin by carrying out risk assessments for your business and testing your current systems and procedures.
We can then identify the risks and weak points in your security before helping you set up the right software and safeguards to keep you safe.
The criminals are always coming up with new ways to attack companies, so your cyber security policies should be ever-changing. We take a proactive approach, always alerting you to any new risks to keep you one step ahead.
Using an IT support company will save valuable time trying to figure everything out yourself. With our support, you’ll gain the confidence that your business is protected – so no more sleepless nights worrying about cyber crime.
We hope you’ve found these cyber security tips useful.
If you’d like to find out more about how we can help protect your business from cyber attacks, book your free consultation call.