Recorded cyber-crime cost the UK economy £8.8bn in 2018, and with industries becoming ever more digitalised, cyber security is becoming an increasingly important topic for small businesses. An attack can be detrimental to your businesses, costing you money, your reputation and potentially your livelihood.
For small to medium sized enterprises (SMEs) with tight budgets and resources, protecting against cyber-attacks may seem like an impossible task, but the good news is that there are simple things you can implement to help protect your business.
Educate employees about cyber security
Even with technical support staff in place, it is important to educate everyone from the bottom to the top on the importance of cyber security. Employees are often an organisations greatest vulnerability when it comes to online security and may inadvertently breach security protocols if they are not thoroughly trained, leaving your business open to attacks. Have clear and concise policies in place and make your staff aware of them and the consequences of violating these policies.
Install anti-virus software
Anti-virus software is frequently included for free within popular operating systems, often all that is needed is for you to click ‘enable’ and you’re instantly safer. Ensure you only install anti-virus programmes from tried and trusted sources and keep software up to date to ensure it remains effective.
Secure your wi-fi network
To deter hackers from accessing your Wi-Fi, make sure you secure, encrypt, and hide your network. If your wireless network is not properly secured, people from other businesses, offices or nearby buildings could potentially gain access to files containing sensitive information.
Set up a separate network if you want an open Wi-Fi for customers to use. This will prevent any unwanted users from accessing your business Wi-Fi and retrieving confidential information. SMEs should also secure their network via a robust firewall or unified threat management (UTM). This is an advanced firewall that restricts dangerous websites, stops malicious emails and prevents network exploits.
Encrypt sensitive data
All businesses that hold personally identifiable data such as names, birth dates, bank details and addresses or special category data such as health, racial or ethical origin and religious beliefs must secure this information. Your business could face legal action if a device containing sensitive information is stolen and the contents leaked or shared.
Encrypting your hard drive ensures data remains secure. Encryption conceals data by converting it into a code, thereby protecting it from any prying eyes. Full disk encryption is the most secure option but is not always necessary unless you have sensitive data all over your computer. Encrypting a select group of files, usually those containing sensitive information, will keep them safe without any of the complications that come with a full disk encryption.
Keep your software up to date
Keeping your software up to date, a process known as ‘patching’, is one of the most important things you can do to protect your business from cyber threats.
Software vendors release updates to address the security risks in their existing products, so if you don’t update, your computer could be left vulnerable to hacking and malware. If your employees use mobile devices for work, ensure they use updated apps, including a security app.
Use strong passwords and change them regularly
It may be tempting to use the same password for all your accounts, but this may leave you vulnerable to hackers.
Employ strong and unique passwords, ideally 20 characters or more and containing a mix of numbers, letters and symbols. It can be difficult to remember several unique passwords, so a password management programme could help. Never write your passwords down and be sure to change them regularly.
Back up everything
Not the most exciting job, but one you really need to make a priority. Backing up your data is perhaps the most important step you can take to preventing a network disaster. The data on your business computer will most likely contain important and sometimes personal information, and the consequences of losing this data could be catastrophic. Backing up your data creates a copy that you can restore later should you have a system failure or become the victim of an attack.
Think before you click
Phishing emails and malicious attachments are one of the main causes of data breaches, with 90% of organisations experiencing some sort of phishing attack in 2019.
Phishing is one of the easiest forms of cyber-attack for a hacker to carry out and aims to trick the target into doing what the scammer wants, i.e. provide a password, bank details or other crucial information. Victims may also be tricked into clicking on an unsecure link to a fake website or downloading and installing malware or ransomware.
To prevent phishing attacks, check for obvious signs of phishing such as spelling and grammatical errors, dubious looking email addresses and low-quality versions of recognisable logos. If in doubt, do not click on the link or attachment and instead contact the sender directly to verify whether the email is legitimate or a scam.
By implementing these small business security tips, you can help protect your business from cyber-crime. If you’re looking to further your knowledge of cyber security the National Cyber Security Centre has detailed resources including guides and a short course that when successfully completed will allow your business to become Cyber Essentials certified.