Is your small business cyber secure?
A lot has been said about the increase in digitisation over the course of the pandemic. Many businesses had to adapt to remote working and meet the changing expectations of their customer base. You might be using more automation and cloud sharing platforms than ever before, and it’s probably been easier to do certain tasks. But cyber crime has also been on the rise as a result.
In the USA, the White House shared an open letter last month, urging businesses to improve their cyber defenses. This was following the shutdown of the Colonial pipeline in May that led to fuel shortages on the East Coast. Nowadays, even schools and hospitals are regularly targeted by hackers.
The way we store data and files will always be a target for scammers. Protecting your business and boosting your cyber security should be a priority. Before you get started you need to ask yourself three questions: Where’s my information stored? How resilient is my business if it’s targeted by hackers? To what extent is my business at risk of a cyber attack? Once you understand your risks, they’ll be easier to mitigate. Read on for advice and actions you can take to improve your cyber security.
SMEs are common targets
The damage caused by cybercrime is set to exceed £27 billion in the UK alone this year. Cloud-based data protection company, Infrascale, reported that 46% of SMEs have been victims of ransomware attacks. Of these, 73% have paid the ransom. Unfortunately, criminals are quick to respond to countermeasures and are highly adaptable. As a result, cybersecurity needs to be a priority that you regularly monitor.
Small and medium sized businesses are a common target of ransomware attacks. Depending on the size of your company, you may not have an IT department or the right resources to upgrade your services or restructure backup procedures.
We’ll go through the best ways to secure and strengthen your cyber defences below. You don’t want to put these things off, as preventing an attack is far less costly and time consuming than recovering from one.
You want your business to be able to anticipate, withstand and recover from any stresses or attacks on digital data and systems. Being able to adapt to new threats is a key part of running a business. Here’s what you need to consider to make your business able to withstand and recover from cyber threats:
Assess your weak points – Conduct a vulnerability assessment of your network and its end-to-end security. Online scanners like Intruder and Detectify can give you a picture of how strong your defences are and an assessment of what you can do to improve.
Stay on the pulse – Once you know how vulnerable your network is you can start managing the risks you face. Don’t let your assessment and the plan that comes out of it go to waste. You want to be constantly monitoring your systems to see where to improve and expand your security.
Stop clicking “remind me later” – Keep on top of those updates! Your IT infrastructure will thank you for it. Cyber resources are useful to you when they’re the most recent version so they can effectively react to any new threats.
Back up your data - if you’ve backed up your data then your important files won’t be lost forever in the event of a cyber attack. Identify what needs to be recorded and how you want it to be stored. This could be on a portable harddrive, cloud platform, or both.
Avoid phishing attacks – a phishing email is one that tries to trick you into giving money or to sign into a secure account. Common examples are emails with fake invoices for services you haven’t used. The links in their emails will go to websites that save your sensitive information, or they can install malware onto your device without your knowledge.
- Set up two-factor authentication (2FA) – this will help you avoid phishing attacks. If important accounts like email have 2FA, that means you and your team verify your identity with something other than your password, for example through an app. With this switched on, a scammer that has your identity credentials won’t be able to log on.
- Install email filtering software – this will help send phishing emails to your spam or junk folders. A service like Mimecast can be fine tuned to suit the needs of your business.
- Train your team – protecting your organisation is a team effort. Help your employees understand what a phishing email looks like and what to do with it. Make sure they know who to flag it to and encourage them to ask for help if they notice anything suspicious.
Set a password policy – you can set up a password manager to manage permissions and impose tighter security. Asking your team to change their passwords every few months is a good idea to protect their accounts and your organisation from hackers. You can also improve your security by deciding what each account has access to. That way, if someone’s account is compromised, the hacker won’t be able to access every part of the business.
Upgrade your network security – switch on your firewall and install the latest antivirus software. A firewall monitors all the incoming and outgoing traffic on your network and will block any unauthorized access. An in-office equipment should be encrypted too. Bitlocker will protect Windows systems, or other security hardware, known as a Trusted Platform Module (TPM) with a PIN (the authenticator), or FileVault if you use Mac products.
You can’t play it too safe online, especially when your business is at risk. But there’s no denying it costs to set up a safer infrastructure for your business. If you're finetuning your cyber protection is something you’ve been ignoring then there’s help out there to make sure you can afford to make the necessary upgrades. A flex loan can help you access funds instantly to pay for these improvements to your security software and training sessions.
Small businesses are too often easy targets for cyber criminals. As businesses have become more digitised and reliant on their online infrastructure and cloud platforms, attacks are becoming more common and sophisticated. But they’re easy to avoid if you take the threat seriously and regularly monitor your risks and defences.
Investing in a strong firewall and antivirus software will take you far, but make sure you stay up to date with potential vulnerabilities. The National Cyber Security Centre has put together a straightforward cyber security guide for small businesses if you want more information.