Cyber Security for small businesses isn’t rocket science. Research by the Department for Digital, Culture, Media and Sport (DCMS) in 2017 found that nearly half (45%) of all micro/small businesses have identified a cyber security breach or attack in the last year. With almost daily headlines about companies losing data and pictures of hackers in hoodies apparently watching your every move, it’s not surprising that protecting yourself online can be a daunting concept.
But following the five simple steps outlined in the National Cyber Security Centre’s (NCSC) small business guide can significantly reduce the potential for your business to become a victim of cyber-crime and protect you from loss online.
Advice in the small business guide is based on categories focused on backing-up data, using strong passwords, protecting against malware, keeping devices safe and avoiding phishing attacks.
1: Back up your data
Losing your business-critical data, whether it be customer details or payment details, could have a major impact on whether or not you could continue to function.
Identify which data is critical to your business and make sure you regularly back it up onto a separate drive or computer which isn’t connected to your main computer network. Also consider a backup which is taken off site, so that it can’t be stolen or destroyed in a fire or flood.
With the increase in incidents of ransomware (where your data is encrypted by online criminals, rendering it unusable unless you pay), backing up data is even more important.
2: Protect your organisation from malware
Malicious software (malware) is something which can render your computer equipment useless if it is allowed to take hold.
Anti-virus and anti-malware software is often included within modern computer operating systems. It’s important to make sure that it is up to date and turned on.
Patching, or keeping any software and applications up to date, is also a good way to ensure that online criminals can’t find easy ways into your network.
3: Keep smartphones and tablets safe
With smartphones and tablets forming an essential part of modern business, more and more valuable data is taken away from the office environment.
It is important that these devices are protected with strong passwords and that any additional security features, such as fingerprint recognition, are enabled. As with desktop computers, it is essential that any apps and operating systems are kept up to date.
Also, think twice about using public Wi-Fi.
4: Use passwords to protect your data
Strong passwords are a great, free and effective way of protecting your data on a computer, laptop or mobile phone. They should be easy for you to remember, but hard for criminals to guess.
Using a combination of 3 random words, or a passphrase with some letters replaced by numbers and special characters, is a good way to start. Then make sure you don’t write them down, share them with other colleagues or keep the default passwords you are given with a new account or device.
5: Avoid phishing attacks
Phishing e-mails, where a criminal tries to trick you into giving away important information, clicking a link or downloading an attachment, are increasingly hard to tell apart from genuine e-mails.
Businesses are increasingly targeted by fake invoices where staff are tricked into transferring money into what they believe is a genuine account for an existing customer or supplier.
Having staff check e-mails thoroughly, and not be afraid to question whether they are genuine, is good practice and can help to prevent you from losing money or data.
Remote working
TITAN, the North West’s Regional Organised Crime Unit, has confirmed that in the North West there have been a large number of ransomware attacks against small businesses and schools, with attackers gaining access via computer ports used by staff who work remotely at home.
Remote Desktop Protocol (RDP) is often used by businesses as it allows employees to work on files etc. without physically attending their place of work. Unfortunately, if RDP is not configured securely, it is vulnerable to attacks from cyber criminals.
If you have staff who use remote access, make sure that they use strong passwords for RDP to assist with protecting your wider network.
Reporting a cyber crime
Action Fraud is the national reporting centre for Fraud and Cyber Crime and can be reached by telephone on 0300 123 2040. They are available 24/7, 365 days a year, and crime reports can also be made via the Action Fraud Website https://www.iod.com/professional-development/open-courses/role-of-the-non-executive-director/. However, if you are suffering an ongoing attack, then please pick up the phone and call Action Fraud directly rather than reporting online.