Cyber attacks are becoming more commonplace and can be particularly devastating for small businesses. Not only do they put businesses at risk from a data security standpoint, but they can prevent paid staff from carrying out work and translate directly into lost revenue if customers are not able access online services.
Cyber attacks and breaches cost small businesses an average of £3,650 each year, and these kinds of attacks are not unusual, with nearly a third (31%) of micro/small businesses experiencing a cyber attack in the last 12 months. Recent Government research also suggests the problem is becoming more acute, with the typical number of breaches suffered by businesses rising from two in 2017, to four in 2018 and up to six in 2019. With the GDPR laws now in force, it’s more important than ever to protect customer data.
To help businesses prevent these kind of attacks, the Government’s Cyber Aware campaign is encouraging small businesses to implement advice from the Cyber Security Small Business Guide. The guide show SMEs how to be cyber secure with five quick, practical, and cost-effective steps to significantly reduce the risk of becoming a victim of cyber crime, which are outlined below:
Make regular backups of your important data to an external device or to the “cloud”, and test these backups can be restored.
Most small businesses rely on access to data. By keeping a backup, you’re ensuring the business can still function following a cyber attack. This also helps protect you against being blackmailed via a ransomware attack. All essential data should have a back-up stored separate from your computer, and a reputable cloud storage solution is a cost-effective way of achieving this. Backing up files should be integrated as part of your everyday business, rather than manually completing every so often, to ensure all backup files are up to date.
Installing the latest software and app updates helps protect your devices from viruses and hackers as they contain vital security updates.
Anti-virus software is often included for free within most operating systems. This should be used on all computers and laptops within your business and kept up to date. All other IT equipment, including smartphones, tablets, laptops and PCs, should also be kept up to date with the latest versions of software and firmware. Where possible, set operating systems, programmes, phones and apps to ‘automatically update.’
Switch on password protection for your smartphones and tablets. Use a suitable complex PIN or password which can’t be easily guessed.
Mobile technology is now an essential part of business, with an increasing amount of data being stored on smartphones and tablets. Your PIN or password should be suitably complex and shouldn’t be easily guessed by a criminal with access to your social media profile. All devices should also be set up with tools to track the location, be remotely locked, and set to remotely erase the data stored on the device. This will keep data secure if a device is lost or stolen.
Use two-factor authentication for ‘important’ accounts, like your email or bank account. Avoid using predictable passwords.
Password protection is not just for smartphones and tablets – office equipment holding sensitive data such as laptops and PCs should use also an encryption product. Most modern devices have encryption built in, but you may need to check that this is turned on and configured. The most important accounts should use two-factor authentication. This requires two different methods to prove your identity before you use a service, for example as a code sent to your smartphone that you must enter with your password.
Scammers send fake emails to thousands of businesses trying to trick you out of sensitive information like bank details. You and your staff can check for the obvious signs of phishing, like poor spelling, dodgy logos and requests to “act now”.
Make sure staff are aware of the warning signs of phishing emails, such as bad grammar, poor quality logos, requests to send details urgently, or mimicking a high-ranking person within your business. Staff should be encouraged to ask for help if they receive one of these emails. They can be very convincing and hard to spot, so it’s important not to punish staff if they do get caught out, as this will discourage them from reporting attacks in the future.
As well as following these five tips, employers can empower more staff to become ‘cyber security champions.’ The cyber security champion doesn’t need to be a technical expert as there is some great practical advice available in the free Small Business Guide. What businesses need from their cyber security champion is someone who can talk to their colleagues and help to keep security at front of mind.
This advice can help an individual in a business navigate simple steps to improve cyber security. A set of short videos is also available to support this advice. For more information visit: www.cyberaware.gov.uk/protect-your-business