Protect your business in cyber space

The landscape for cyber-crime is changing. It used to be about causing disruption or gaining notoriety or fame for an attack but now it’s more financially motivated – and that’s not good for business.

So never lose sight of digital dangers - the Federation of Small Businesses* reports that the average cybercrime incident costs a small business nearly £3,000 and takes more than two days to recover from.

Every Small and Medium Enterprise (SME) needs strong cyber security defences, but don’t be scared off: practical steps can strengthen your protection.

Understand the risks

A risk assessment helps you understand and manage the potential risks that can disrupt business continuity. Conduct risk assessments at regular intervals to continually improve practices.

Employee awareness and training

Staff are often the weakest link in the security chain and employees should be aware that emails, websites, and files that appear safe may be corrupt.

Policies should outline acceptable actions for your employees when in the workplace or using company equipment. Provide formal cyber security awareness training and sporadic internal testing, such as sending phishing security test emails to employees to gauge their level of awareness based on how many act on potentially malicious links.

Passwords

Passwords should be strong, complex and unique. For example, selecting three random words like “catbandtea” for a password helps guard against common issues like brute force attacks, while keeping it simple enough for the user to remember. Using symbols, capital letters and numbers makes them more secure.

With each online service requiring its own individual password, consider using a password manager to store your passwords, as it is hard to remember them all. Never send passwords or other sensitive data via email that has not been encrypted.

Multi Factor Authentication (MFA) Methods

Authentication confirms an identity by comparing provided credentials against an existing database of authorized identities before allowing access to a given system or application.

MFA adds an additional layer of security to accounts or transactions. It usually combines something the user knows, like a password or PIN, with something they have, like a mobile phone for a number-generating token. It may also utilise biometrics, e.g. a fingerprint or facial recognition.

Backups

Data backups ensure that if there is any data loss or theft, files can be recovered. You should always back up your data to a different location or source so hackers cannot access both areas, and you should also back up your data regularly.

Severe data loss can occur without warning, and the result is typically a massive disruption to you and your business. In these instances, a robust data backup is often the only road to recovery.

Think about what data should be backed up and where it is located. Backups should be performed daily and can be taken on physical devices such as a portable hard drive, or through a cloud-based backup service, depending on your business needs. Digital backups can be secured through encryption or password protection. Store any physical backups in a safe location, while also making multiple copies where possible in case of device failure.

Don’t forget to test backups once they have been created. An untested backup could delay your business’ ability to recover from an incident and potentially leave you without a useable backup.

Software

Each piece of software your business uses offers the potential of unauthorised access into its host, making software a target for exploitation. Despite manufacturers’ best efforts, it isn’t possible to create perfectly secure software, so it must be patched and maintained to ensure it remains protected as new flaws and vulnerabilities are found.

Updates

Implement automatic updates where possible and create a manual update schedule for those that cannot be done automatically. Contact your device manufacturer or search their website for ‘Drivers and Downloads’ to find out more for each piece of software.

When setting up new devices remove any unnecessary pre-installed software, while ensuring that they have firewall protection enabled and are running up-to-date anti-malware software.

Modern operating systems offer built-in security features that allow you to restrict the usage of individual users, so implement these where relevant.

Removable media controls

Removable media are a common route for the introduction of malware and the accidental or deliberate export of sensitive data. Be clear about the business need to use removable media and apply appropriate security controls to its use.

Accreditation

Gain cyber security accreditations which show your partners and customers that your company takes cyber security seriously. SMEs should pursue Cyber Essentials and Cyber Essentials Plus, or IASME (Information Assurance for Small and Medium Enterprises).

A strong cyber security stance is a key defence against cyber-related failures and errors, and malicious cyberattacks. Many attacks are automated and indiscriminate, exploiting known vulnerabilities rather than targeting specific organisations, so it’s vital to have the right cyber security measures in place to protect your organisation.

*Source: https://www.fsb.org.uk/media-centre/latest-news/2017/05/16/small-firms-need-to-take-immediate-action-on-cyber-crime