Many experts now believe that a cyber attack is a matter of when rather than if for most organisations. [1] This is backed up by insurer Hiscox, which found from its research that 55 percent of UK businesses had suffered a cyber attack in 2019, a 40 percent increase on the previous year.
The effect of an attack can be devastating, not just in financial terms and in disruption to your operations, but also in terms of the damage that it can do to your company’s reputation. Not only that, but new regulations mean that you can be subject to a heavy fine if you haven’t been taking proper care of personal data. It’s therefore vital that you are aware of cyber security threats and know what steps to take to combat them.
Smaller businesses may not have many resources to devote to cyber security, so it’s vital to know how to use what you have wisely.
You are a target
Many smaller businesses fall into the trap of assuming that their scale will make them an uninteresting target for cyber attacks, but this simply isn’t true. Larger companies tend to have better security, so smaller firms are often seen by those behind cyber threats as soft targets.
You may not think that the data you hold is particularly valuable, but it could still be devastating for your business if you were locked out of your systems by, for example, a ransomware attack. In addition, if you hold data about your customers, this needs to be protected in line with legislation such as GDPR. Losing data in an attack, therefore, is not only bad for your business but could get you in hot water with the authorities.
Guarding against cyber attacks
You don’t need to be an IT expert to protect your business. There are some basic steps that anyone can take. The first is to ensure that internet security software is installed. Businesses can usually get a package that will protect all of their devices including mobile phones and tablets as well as PCs.
It’s not enough just to install security software, however. You need to keep it up to date so that it remains effective against new and emerging threats. This applies to all of your other software too. The latest Windows operating systems are pretty good at automatically installing updates to keep you safe, but you need to make sure that this feature is turned on.
Other software may not be quite so good at keeping itself up to date. When was your office software or your accounting package last updated, for example? Cyber criminals seek out unpatched flaws in all kinds of software and look to exploit them, so keeping your systems up to date is vital. Most programs will have a feature allowing you to check whether an update is available, or you can go to the developer’s website for the latest versions.
People power
It’s also a fact that one of the weakest links in the cyber security chain is people. Your staff needs to be aware of the threat of cyber attack. This means making sure that they know about the threat of phishing emails that seek to trick them into revealing sensitive information or get them to click on an infected link or open an attachment.
Password security is important too. Ensure that you enforce the use of strong passwords – a minimum of eight characters long and using a mix of alphanumeric characters – and educate people not to recycle passwords across different login accounts. If they have to remember passwords for multiple systems and services, then consider using a password manager program.
You should also look at using multi-factor authentication where available. This can involve verifying a login via a mobile device, biometric system or hardware token rather than just relying upon a user ID and password. Many cloud providers now provide extra options of this type to help you to keep your business systems secure.
It’s a good idea to have a cyber security policy in place so that your employees know what their responsibilities are with regard to computer systems. This should also set out rules for the personal use of the internet on work systems. This can also help you to avoid the threat of ‘shadow IT’, where people install unauthorised software to help with their work, for example using an unauthorised cloud storage service to transfer files to work on at home.
Ready or not…
It’s one thing to put security measures and policies in place, but you must remember that maintaining cyber security is not a one-time process. This is a fast-moving field and you need to constantly review your position and keep your systems and policies up to date.
If you need advice, the Government’s National Cyber Security Centre offers a series of guides for smaller companies to help them stay safe. [2]
[1] https://www.theguardian.com/technology/2018/jan/22/cyber-attack-on-uk-matter-of-when-not-if-says-security-chief-ciaran-martin
[2] https://www.ncsc.gov.uk/collection/small-business-guide