In 2019, nearly half of businesses reported a cyber security breach in the previous 12 months, and smaller businesses are no exception.
Financial loss, data breaches and reputational damage are just a few of the negative impacts of a cyber-attack. With GDPR compliance and data protection a huge concern for businesses, it’s even more important to avoid leaked data and potential fines.
Our guide explains how your small business can stay protected with effective cyber security.
What is a cyber-attack?
Cyber-attacks can take many forms. From the all too common phishing attacks to malware and ransomware, new online threats are constantly surfacing.
Cybercriminals come in many guises from hacktivists to nation states, but those groups that typically target small businesses are criminal gangs and are driven by financial gain. Private financial information, personal details and account login details are all sought after so that they can go on to commit fraud, data theft or extortion.
This can include stealing a customer’s information to commit identity fraud with other services or selling stolen credit card numbers and account profiles.
So, how can I protect my business?
There are multiple measures that should be considered to protect your business and should be put in place proactively to avoid security breaches, or if the worst does happen, to facilitate recovery.
Here are some tips that all small businesses should follow, as recommended by experts at FSB Cyber Protection.
1. Back up all your data
Make sure that all important information for your business – such as customer details, quotes, orders, payment details, document templates, financial records – is backed up safely and regularly, so that it can be restored in an emergency.
Store your backup in a secure place that other employees can’t access. A good place to store backups is in the cloud.
Your cyber security policy should outline your best practices for this, including what data will be backed up and how you will manage this.
2. Use passwords to protect your data
Switch on password protection on all devices, and use two-factor authentication on all user accounts where you are given the option.
A business password policy can help you to manage multiple accounts that your team may use, for example, social media accounts, editing apps or other software.
Keep login details of your business-related accounts secure by staying organised with your password management. There are tools online that can help you with this.
3. Keep all computers updated
It’s crucial that all IT equipment (computers, servers, smartphones, tablets) is kept up to date with the latest software updates. It’s good practice to set all your equipment to automatically update when patches become available.
4. Install antivirus software and firewalls
Ensure all computers have antivirus software installed and that it’s always on, and that your internet router and servers have firewalls installed. Doing so will help to promote security awareness in your business and amongst your team.
5. Only use trusted software
All computers smartphones and tablets should only contain software and apps from reputable services you work with or manufacturer-approved app stores.
Staff should be prevented from downloading any third-party software from unknown sources which might contain malware. A good way to do this is to remove admin privileges from their user accounts and remind them of your cyber policy.
6. Educate your employees about phishing scams
You can’t stop cybercriminals from sending phishing emails, but you can educate your staff to spot the signs. As a rule of thumb, employees should be suspicious of any emails that are not directly addressed to them, and avoid opening email attachments in emails from an unknown sender.
A good pointer to remember is: Are you expecting an email from someone? If an invoice comes through from a supplier for a service that you haven’t had, it’s probably a scam. It’s also a good idea to look at the email address that the email originated from – is it the same domain as the service you use?
And in particular, if an email is ever sent to the finance department requesting a transfer of funds, the employee concerned should always check in person with who sent them the email.
Is your security up to scratch?
FSB members have access to a wealth of downloadable guides and templates covering common cyber security issues, backed up by limited cyber insurance.