When you look to the media, it is very rare to see small businesses making headlines for being attacked by cybercriminals. However, cyber-attacks in the UK grew by a dizzying 140% in 2018, and show no signs of slowing down in 2019. Moreover, According to the 2018 Verizon Data Breach Investigations Report, 58% of cyber-attack victims were small businesses.
These figures don’t seem to make sense at first glance. Firstly, why would attackers put a small business in their crosshairs? Surely the big payoffs would come from going after larger operations? Secondly, the news is filled with headlines about cyber-attacks on large entities like the NHS, British Airways, and TalkTalk – SMEs are very rarely mentioned?
It might be tempting to think that your business has little in the way of value for hackers in comparison to the Talk Talks and Yahoos of the world. The fact of the matter is that your business has systems which hold data. Anything your business can leverage to make a profit, so can hackers. The statistics speak for themselves:
2/3 of companies with 10 – 49 employees suffered some form of cyber-attack in 2018.
The ONS estimate around 4.5 million cyber-crimes were committed in England and Wales during 2018.
Cyber-crime now accounts for more than 50% of all crimes in the UK (National Crime Agency).
According to the UK Gov’s ‘Cyber Survey 2019’, 31% of small businesses & 60% of med-sized businesses experienced a cyber-attack in 2018.
These figures are intimidating: The threats are real. But something stands between them and your organization’s data: you and your security teams, with the insight, perspective, and tools to take action.
Here are a few simple, yet effective tips that will benefit any business owner:
1. Perfect Password Protection:
This seems obvious; password protection is a standard practice these days. However, using a strong password that gets changed regularly is the foundation of good cyber-security. Follow these simple protocols when creating your passwords to ensure they are as strong as possible:
- 8-16 characters in length
- combination of upper and lowercase letters
- include numbers and symbols
- don’t choose obvious passwords
- Change regularly
Implementing policies to deal with the sharing of passwords, even with co-workers, is also a good idea.
2. Layered Protection:
Layered protection in terms of technology and tools, means implementing various security controls to protect separate entryways. For example, deploying a firewall, endpoint protections, and secure email gateways – as opposed to relying only on traditional perimeter defenses. This also means limiting access to certain types of information, and adding levels of protection such as additional passwords, encryption, and so on.
Potential security risks can occur at a variety of levels. As a business owner, you need to set up security measures that provide multiple layers of defence against these risks. Layered security aids in keeping even the most sensitive data safe.
3. Monitor Personal Devices:
This sounds a little bit ‘Big Brother’-esque, but this doesn’t mean invading your staff’s personal privacy or disallowing specific software and apps. It just means that as a small business, you may not have the capital to provide devices like laptops, tablets, and smartphones for employees to use. In other words, employees may use personal devices to access company data.
If this is the case for your business, you need to create policies that allow your network administrator to install monitoring software, push automatic security updates, and call for regular password changes.
4. Train Employees:
Even with a technical support staff in place, your employees can create some of the greatest risks to cyber-security. However, when properly trained, they can also become some of your greatest assets – and a first line of defence against a data breach. With this in mind, it’s imperative that organisations conduct regular training sessions throughout the year to keep employees aware of potential scams and the ways they can make their organisation vulnerable.
5. Plan for Attack:
As you’ve seen above, cyber-attacks are now so prevalent, it’s best to prepare for the worst. You need to take a proactive approach to IT security. Ensure you employ a company that will take the time to get to know your business, and design a network security solution to suit your needs and budget.
6. Hack Yourself:
Before creating procedures and controls around IT security, organisations need to determine their risk. One of the best ways to find vulnerabilities is to hire an appropriate consulting firm or IT specialists to audit your system in search of weaknesses. From there, you can begin to make changes that will better protect your business, your network, and your clients.
SMEs have an inherent advantage over larger companies: smaller business tend to be more agile and flexible, so can adjust to changes quickly. The lack of red tape and corporate complexity means they can act and adapt fast. By giving cyber security the same priority as other business goals, SMEs can maintain their advantage and thrive in the new digital world. Cybercrime is on the rise and IT security is vital. ITCS can help you defend your data. Get in touch today for a free IT security audit – forewarned is definitely forearmed.