Protecting your SME from Cyber Threats
Unless you have been living under a rock, you will have heard about the Cyber Attack on the NHS. Blame is being cast and some of the top tech minds in the world are furiously scrabbling to implement new security measures to prevent a similar incident.
With the likes of the NHS, Google and PlayStation falling victim to tech-savvy criminals, Small Business owners are seriously concerned about keeping themselves safe, and rightly so! Google and Facebook have been conned out of $100 million. That is, obviously, more money than most of us can ever hope to earn, but the loss to small businesses is still significant. In the UK it is estimated that, should a data breach occur, an SME will lose an average of £310,000.
Many of our clients ask for advice on keeping themselves safe from this ever-present threat. Most SMEs do not have an in-house IT department, or access to Tech Professionals. They will still have data, payment information and client details that need to be kept safe.
Being London based, we see many people plugging into unprotected WiFi spots, using dongles to do a few extra hours of work during the commute. Popping the laptop down in the Central London pub, while you pop to the bar. All of this is poor security. And we know it. Everyone knows that you should only use protected internet connections. Everyone knows that your hardware should be stuck to you… take it to the bar… buy it a drink even, just keep it with you.
This stuff is obvious, but there are a few not so obvious things that you need to be doing too. So, here are our top tips to keep you and your business safe in the (terrifying) computer age!
Don’t sweep it under the rug
Our first piece of advice is: do NOT ignore the issue. According to an Experian Data Breach Study, 51% of SMEs do not see cyber security as a top priority for their firm.
We understand it is a confusing space, and perhaps you feel like you are not at risk being a “small fish”, but these scams are indiscriminate and if you are not taking steps to protect yourself then you will fall foul of these criminals.
You wouldn’t leave your office without locking the door, so don’t leave a virtual back door unlocked either.
Create a response plan, and educate your staff
Spend time figuring out what you would do if you are hit with a cyber attack. Everything from how staff should deal with a suspected hack, to how you would inform your clients if sensitive information is stolen.
Share this information with your staff, and ensure that it is covered regularly. Everyone needs to know their responsibilities. From staff induction to annual appraisals, it is important to create a culture of security. With people sharing every aspect of their lives online, it is all too easy for people to become complacent in the workplace.
This will not only protect you from the attack in the first place, but should you be unlucky enough to be hit, a proper and professional response will ensure that reputational damage is kept to a minimum.
Guard against spam
The biggest threat to a small business will be ransomware attacks. This software will lock a device (everything on the network from phones to desktops and tablets), and the hacker will demand a ransom to unlock it. This technology requires a user on the business end to open the file, so you need a two-fold solution.
- Firstly, ensure that you have anti-virus software on all machines. This should scan all emails for any potential threats, and stop them landing in people's inboxes.
- You must ensure that staff do not open emails or attachments from unknown sources, and take all reasonable care, even when the source appears to be known. Unusual email addresses, poor spelling and unsolicited attachments are all things that staff should be vigilant against.
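As an added example (not part of the original article), the Python sketch below automates two of the warning signs above, unusual sender addresses and unsolicited attachments, for a message saved as text. The domain list, the extension list and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: adjust both sets to your own business.
KNOWN_DOMAINS = {"example.co.uk", "supplier.example"}
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".docm", ".xlsm", ".iso"}

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def triage(raw_message):
    """Return the reasons (possibly none) to treat a message with suspicion."""
    msg = message_from_string(raw_message)
    reasons = []
    sender = domain_of(msg.get("From"))
    if sender not in KNOWN_DOMAINS:
        reasons.append(f"unrecognised sender domain: {sender or 'missing'}")
    reply_to = domain_of(msg.get("Reply-To"))
    if reply_to and reply_to != sender:
        reasons.append(f"replies go to a different domain: {reply_to}")
    for part in msg.walk():
        name = part.get_filename()  # only the final extension is what runs
        if name and os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS:
            reasons.append(f"risky attachment type: {name}")
    return reasons

# Constructed sample message (not real mail): look-alike domain, odd Reply-To.
SAMPLE = """\
From: "Accounts, Supplier Ltd" <accounts@supp1ier-payments.example>
Reply-To: payments@another-domain.example
Subject: Overdue invoice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached invoice.
--b1
Content-Disposition: attachment; filename="invoice.pdf.exe"

placeholder
--b1--
"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

A message that passes these checks is not proven safe; the checks only catch the obvious cases before a person has to decide.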
Protect Your Cloud
Many companies nowadays have embraced cloud technology. It is used for everything from storage to virtual working solutions. This must be protected at all costs. We suggest considering a hybrid solution to incorporate enterprise computing. This would mean you would have more security and network options, for example, the ability to use a Virtual Private Network (VPN) for remote users. Data confidentiality can be more tightly controlled in this instance, as it will always sit with the company, as opposed to third-party networks.
If you do choose to stay entirely cloud based, there are a few things that are absolutely essential.
- Read all your user agreements. Make sure you understand how that particular cloud service works. Understand how they use the information, what rights (if any) they have to it and how they protect the technology.
- Have a sensible password. No, not your dog's name. No, not your birthday. A series of letters and numbers that are completely random will give you the best chance of protecting your information. The password has to be unique, and all users of the cloud need to adhere to this policy. Oh, and the tricky bit – remember it by heart, never write it down.
- Encrypt your files before adding them to the cloud. You can either use software to do this, or far easier (and free) is to zip the files and add a password before uploading.