Recorded cyber-crime cost the UK economy £10.9bn in 2015/16, and with industries becoming ever more digitalised, cyber security is becoming increasingly important. An attack can be detrimental to your businesses, costing you money, your reputation and potentially your livelihood. For small to medium sized enterprises (SMEs) with tight budgets and resources, protecting against cyber-attacks may seem like an impossible task, but the good news is that there are simple things you can implement to help protect your business.
Educate Employees About Cyber Security
Even with technical support staff in place, it is important to educate everyone from the bottom to the top on the importance of cyber security. Employees are often an organisations greatest vulnerability when it comes to online security and may inadvertently breach security protocols if they are not thoroughly trained, leaving your business open to attacks. Have clear and concise policies in place and make your staff aware of them and the consequences of violating these policies.
Install Anti-Virus Software
Anti-virus software is often included for free within popular operating systems, often all that is needed is for you to click ‘enable' and you're instantly safer. Only install an anti-virus programme from tried and trusted sources, and keep software up-to-date to ensure it remains effective.
Secure Your Wi-Fi Network
To deter hackers from accessing your Wi-Fi, make sure you secure, encrypt, and hide your network. If your wireless network is not properly secured, people from other businesses, offices or nearby buildings can potentially gain access to files containing sensitive information. Set up a separate network if you want an open Wi-Fi for customers to use. This will prevent any unwanted people from accessing your business Wi-Fi and retrieving confidential information. SMEs should also secure their network via a good firewall or unified threat management (UTM). This is an advanced firewall that restricts dangerous websites, stops malicious emails and prevents network exploits.
Encrypt Sensitive Data
All business that hold personal data such as names, birth dates, bank details and addresses must secure this information. Your business could face legal action if a device containing sensitive information is stolen and the contents leaked or shared, encrypting your hard drive ensures data remains secure. Encryption conceals data by converting it into a code, thereby protecting it from any prying eyes. Full disk encryption is the most secure option, but is not always necessary unless you have sensitive data all over your computer. Encrypting a select group of files, usually those containing sensitive information, will keep them safe without any of the complications that come with a full disk encryption.
Keep Your Software Up to Date
Keeping your software up to date, a process known as ‘patching', is one of the most important things you can do to protect your business from cyber threats. Software vendors release updates to address the security risks in their existing products, so if you don't update, your computer could be left vulnerable to hacking and malware. If your employees use mobile devices for work, ensure they use updated apps, including a security app.
Strong Passwords and Change Them Regularly
It may be tempting to use the same password for all your accounts, but this may leave you vulnerable to hackers. Employ strong and unique passwords, ideally 20 characters or more and containing a mix of numbers, letters and symbols. It can be difficult to remember several unique passwords, so a password management programme could help. Never write your passwords down and be sure to change them regularly.
Back up Everything
Not the most exciting job, but one you really need to make priority. Backing up your data is perhaps the most important step you can take to preventing a network disaster. The data on your business computer will most likely contain important and sometimes personal information, and the consequences of losing this data could be catastrophic. Backing up your data creates a copy that you can restore later should you have a system failure or become victim to an attack.
Think Before You Click
Phishing emails and malicious attachments are one of the main causes of data breaches, with 91% of all cyber-attacks starting with a phishing email. Phishing is one of the easiest forms of cyber-attack for a hacker to carry out and aims to trick the target into doing what the scammer wants, i.e. provide a password, bank details or other crucial information. Victims may also be tricked into clicking on an unsecure link to a fake website or downloading and installing malware or ransomware. To prevent phishing attacks, check for obvious signs of phishing such as spelling and grammatical errors, dubious looking email addresses and low-quality versions of recognisable logos. If in doubt, do not click on the link or attachment and instead contact the sender directly to verify whether the email is legitimate or a scam.