Cyber security for your business
First published 18 March 2019 • Updated 01 November 2019
If you run a business today, having good cyber security is as important as having locks on your office doors (perhaps even more so). What’s more – unlike physical locks – cyber security is an ongoing process of protecting your business, your employees and your customers against ever-evolving threats.
To protect your business effectively, you first need a good understanding of the threats that arise from using digital technology.
- What is cyber security?
- What are the main cyber risks for small businesses?
- Five steps to safeguarding your business
- Protecting your customers
- Maintaining cyber security
Cyber security is a blanket term that refers to all the measure you take to protect your IT systems from deliberate or accidental harm. It covers everything from minimising the risks of lost data or hardware, to defending against malicious attacks, hacking, viruses and digital espionage.
The government recommends 10 areas that cyber security should cover.
- Risk management
A robust central strategy for addressing cyber risks.
- A secure configuration
Your IT system should be kept up to date and free of unnecessary functionality.
- Strong policies for remote working
Be aware of how home working could open up vulnerabilities in your system.
- Good incident management
What are your policies for responding to a cyber crisis?
- Malware protection
Do you have sufficient protection from viruses, ransomware etc?
- Correct user privileges
Make sure no-one has more user privileges than they need to do their job.
- System monitoring
Do you have the means to spot attacks or problems as they happen?
- Secure networks
Think about where your data is stored and processed, and where it could be vulnerable.
- Controls over removable media
What hardware / software can workers take off-site, and could they create vulnerabilities?
- User education
Are your people sufficiently trained in cyber security?
Read on to find out more about the areas of cyber security that are most relevant for small businesses.
The main motivation behind cyber-attacks is usually financial, though pure malice can also be a factor. Money-motivated criminals will be after your data, specifically things like private financial information, customer details and account credentials, with which they could go on to commit fraud, theft or extortion.
Here are some of the common methods used by cyber-attackers.
Malware is any software program created to steal information from a computer or network. These programmes commonly spread through internet downloads. At its most sophisticated, malware can allow criminals to remove sensitive data and even control the compromised device or server.
Phishing is the attempt to gain sensitive private information through fraud. It often takes the form of emails that mimic customers, suppliers, companies and even governments in an attempt to trick the reader into opening attachments containing malware or entering their login details into fake websites.
Ransomware is a particularly nasty breed of malware that locks down a system and prevents users from accessing files or using certain programs until a ransom is paid. Today, criminals usually want to be paid via a credit card or cryptocurrency. There is of course no guarantee that paying the ransom will help in the slightest!
Cyber-criminals don’t have to infect your systems in order to cause havoc. They can also use tactics like distributed denial of service (DDoS) attacks, where they flood a website or server with requests in order to overwhelm it and force it offline. These attacks can be used to gain access to a company’s computer system or simply to find vulnerabilities that can be exploited later.
Cyber criminals are constantly working to come up with new methods to bypass cyber security systems. This is why businesses need to think about cyber security as an ongoing process, in order to stay one step ahead.
Proactivity is key to cyber security. It is far preferable to have strong defences in place already, rather than trying to react when an attack takes place.
Here are some steps you can take now to make sure you are as protected as possible.
Passwords are still the best tool to prevent data theft. But they need to be good ones. A strong password uses numbers and special characters, as well as both upper and lower-case letters. Also avoid using words that are in the dictionary. A good tip is to take two memorable words, put them together and then turn some letters to numbers. So ‘Badger Fox’ could become B4dg3rF0x or better still *B4dg3rF0x*.
Use different passwords for different programmes or systems, just in case someone with bad intentions (such as a disgruntled employee) does get hold of one.
2. Staying updated
You are not alone in battling against cyber-crime. Every programme or device you use will be trying to protect you as well, but you need to keep everything updated. You can usually set your devices to update automatically, and you should be prompted about the newest versions of the programmes you use.
3. Back up your data
All of the essential information that your business depends on needs to be stored in more than one place. This means you can retrieve it quickly in the event that it is stolen or destroyed. This backup should be stored on a completely different system to the one you mainly use, or on a physical hard drive.
4. Antivirus and firewalls
This software works to detect and filter out damaging viruses and files from getting on to your computers. You should have these on every device used for business functions, including your personal phone and computer.
5. Educate your staff
You won’t be able to completely stop phishing emails getting through, or ensure that your employees never come into contact with malware-infested websites. If you take the time and effort to make sure everyone at least knows what to look out for, how to avoid it and what to do if they accidentally click on a bad link or attachment, you will be much safer. Remember: Nigerian princes have much better ways to ship gold into the UK than by emailing random people.
Your customers will be concerned about cyber safety too. If you store things like email address, home addresses and especially payment details, it is up to you to make sure this data does not fall into the wrong hands (or you could be held liable for a huge amount of money).
As well as taking the steps outlined above, you may also want to think about the following steps.
- Encrypt user data.
- Use third party processors to handle customer financial information. This means you only verify that information is correct rather than store it directly (these companies are likely to have more stringent and up to date security measures in place).
- Regularly test your website or computer infrastructure for vulnerabilities.
- Put a disaster recovery plan in place in case data is lost or stolen.
- Take out cyber insurance.
Once you’re satisfied that your cyber systems and policies are as secure as possible, be sure to stay on top of it. If you can get it right at the start, future maintenance should be largely about checking for updates and continuing to train employees well. Unfortunately, the weakest link in the security chain is often the people who work for you, so time spent on their cyber training is rarely wasted.
Let us match you to your