Cyber criminals are increasingly targeting small firms. Taking some basic precautions can help ensure you don’t become a victim.
In 2016, 2.9 million UK businesses reported being successfully targeted by some form of cyber crime, and the financial losses of these attacks totalled over £29 billion.
Those thinking only large firms need to worry about cyber crime should read closely. Small businesses are actually at greater risk of cyber crime than larger ones, with statistics from the FSB showing that 66 per cent of small businesses have been victims in the past two years.
The National Crime Agency has urged directors of businesses to go beyond compliance with the minimum cyber security standards to ensure that rapidly evolving cyber threats are mitigated and the threat to UK businesses is reduced.
It is highly recommended that businesses of all sizes invest in advanced cyber defences, communicate the threats to employees, and train them to spot the tell-tale signs. The following tips should help you tighten up your defences:
1. Train employees to spot fake emails. Phishing emails are sent to trick you into clicking a link or downloading an attachment by posing as communication from a trustworthy source. They can look virtually identical to legitimate communications, sometimes using personal information about their target gleaned from social media. One wrong click could allow criminals to monitor your communications or collect login details. Training is available in the form of simulated phishing emails that test employee vigilance.
2. Be vigilant against social engineering. Social engineering is the art of manipulating people to gain access to restricted areas, systems or information. It is usually easier for criminals to accomplish than hacking your systems. One tactic is to target an employee in accounts with spoofed emails from the CEO of the business, asking them to comply with a sensitive business transaction. The phone rings, and the employee is told where to send the funds. Communications are usually sent at a time when the boss is out of the office.
3. Ensure your firewall is fit for purpose. All businesses need a firewall. Without one, your business networks are effectively open to anyone on the internet. Your firewall must be fit for purpose in today’s world of SSL-encrypted internet traffic. If your firewall is a few years old, it likely can’t scan encrypted traffic. Over 60 per cent of internet traffic is now encrypted, compared with 5 per cent a few years ago. So while outsiders can’t snoop on information you pass to trusted websites, older firewalls can’t scan over 60 per cent of traffic.
4. Use multifactor authentication. How many locks do you have on your front door? The more methods of securing your door you have, the less likely it is someone will just walk through it. Multifactor authentication adds additional security to your accounts, usually as a token or app that generates a unique code every time you want to log in. With multifactor authentication in place, someone would need your password and would also need to have your phone or token in their possession if they wanted to access your email or other accounts.
5. Manage your technology properly. Once you have the right technology in place to reduce the threat from cyber criminals, keep it up to date. Security solutions such as antivirus and firewalls can only protect you from the latest threats if they’re updated to recognise them. Applications and operating systems must also be updated to ensure cyber criminals can’t exploit backdoor vulnerabilities. A good IT partner will recommend solutions that update in real time, and proactively keep operating systems up to date.
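The spoofed-CEO emails described in tip 2 often leave traces in the message headers that a mail filter can check before the message reaches the accounts team. The sketch below is an added example, not part of the original article; the company domain, executive name and sample messages are constructed, and it assumes the receiving mail server stamps an `Authentication-Results` header.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed values for illustration; none of these come from the article.
COMPANY_DOMAIN = "smallfirm.example"
EXECUTIVES = {"jane smith"}  # display names criminals are likely to impersonate

def domain_of(address):
    return address.rpartition("@")[2].lower()

def spoof_indicators(raw_message):
    """Return the reasons a message looks like executive impersonation."""
    msg = message_from_string(raw_message)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    auth = msg.get("Authentication-Results", "").lower()
    claims_exec = name.strip().lower() in EXECUTIVES
    reasons = []
    # Boss's name on an address outside the company (lookalike or free-mail domain).
    if claims_exec and domain_of(from_addr) != COMPANY_DOMAIN:
        reasons.append("executive display name on external address")
    # Replies silently diverted to a different domain than the visible sender.
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        reasons.append("Reply-To domain differs from From domain")
    # The receiving mail server recorded an SPF or DMARC failure for this sender.
    if claims_exec and ("spf=fail" in auth or "dmarc=fail" in auth):
        reasons.append("sender authentication failed")
    return reasons

# Constructed sample messages; only the headers matter here.
LOOKALIKE = (
    'From: "Jane Smith" <jane.smith@smal1firm.example>\n'
    "Reply-To: payments@mailbox.example\n"
    "Authentication-Results: mx.smallfirm.example; spf=pass; dmarc=none\n"
    "Subject: Urgent transfer\n\nPlease action before I am back.\n"
)
EXACT_DOMAIN = (
    'From: "Jane Smith" <jane.smith@smallfirm.example>\n'
    "Authentication-Results: mx.smallfirm.example; spf=fail; dmarc=fail\n"
    "Subject: Urgent transfer\n\nPlease action before I am back.\n"
)
LEGITIMATE = (
    'From: "Jane Smith" <jane.smith@smallfirm.example>\n'
    "Authentication-Results: mx.smallfirm.example; spf=pass; dmarc=pass\n"
    "Subject: Board pack\n\nAttached as discussed.\n"
)
if __name__ == "__main__":
    for label, raw in (("lookalike", LOOKALIKE), ("exact", EXACT_DOMAIN), ("legit", LEGITIMATE)):
        print(label, spoof_indicators(raw))
```

A message that returns any reasons is a candidate for a warning banner or a call-back to the executive on a known number before funds are moved.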