Cyber security for your business
First published 18 March 2019 • Updated 18 March 2019
If you run a business today, having good cyber security is as important as having locks on your office doors (perhaps even more so). What’s more – unlike physical locks – cyber security is an ongoing process of protecting your business, your employees and your customers against ever-evolving threats.
To protect your business effectively, you first need a good understanding of the threats that arise from using digital technology.
What are the main cyber risks for small businesses?
The main motivation behind cyber-attacks is usually financial, though pure malice can also be a factor. Money-motivated criminals will be after your data, specifically things like private financial information, customer details and account credentials, with which they could go on to commit fraud, theft or extortion.
Here are some of the common methods used by cyber-attackers.
Malware is any software program created to steal information from a computer or network. These programmes commonly spread through internet downloads. At its most sophisticated, malware can allow criminals to remove sensitive data and even control the compromised device or server.
Phishing is the attempt to gain sensitive private information through fraud. It often takes the form of emails that mimic customers, suppliers, companies and even governments in an attempt to trick the reader into opening attachments containing malware or entering their login details into fake websites.
Ransomware is a particularly nasty breed of malware that locks down a system and prevents users from accessing files or using certain programs until a ransom is paid. Today, criminals usually want to be paid via a credit card or cryptocurrency. There is of course no guarantee that paying the ransom will help in the slightest!
Cyber-criminals don’t have to infect your systems in order to cause havoc. They can also use tactics like distributed denial of service (DDoS) attacks, where they flood a website or server with requests in order to overwhelm it and force it offline. These attacks can be used to gain access to a company’s computer system or simply to find vulnerabilities that can be exploited later.
Cyber criminals are constantly working to come up with new methods to bypass cyber security systems. This is why businesses need to think about cyber security as an ongoing process, in order to stay one step ahead.
Safeguarding your business
Proactivity is key to cyber security. It is far preferable to have strong defences in place already, rather than trying to react when an attack takes place.
Here are some steps you can take now to make sure you are as protected as possible.
Passwords are still the best tool to prevent data theft. But they need to be good ones. A strong password uses numbers and special characters, as well as both upper and lower-case letters. Also avoid using words that are in the dictionary. A good tip is to take two memorable words, put them together and then turn some letters to numbers. So ‘Badger Fox’ could become B4dg3rF0x or better still *B4dg3rF0x*.
Use different passwords for different programmes or systems, just in case someone with bad intentions (such as a disgruntled employee) does get hold of one.
You are not alone in battling against cyber-crime. Every programme or device you use will be trying to protect you as well, but you need to keep everything updated. You can usually set your devices to update automatically, and you should be prompted about the newest versions of the programmes you use.
Back up your data
All of the essential information that your business depends on needs to be stored in more than one place. This means you can retrieve it quickly in the event that it is stolen or destroyed. This backup should be stored on a completely different system to the one you mainly use, or on a physical hard drive.
Antivirus and firewalls
This software works to detect and filter out damaging viruses and files from getting on to your computers. You should have these on every device used for business functions, including your personal phone and computer.
Educate your staff
You won’t be able to completely stop phishing emails getting through, or ensure that your employees never come into contact with malware-infested websites. If you take the time and effort to make sure everyone at least knows what to look out for, how to avoid it and what to do if they accidentally click on a bad link or attachment, you will be much safer. Remember: Nigerian princes have much better ways to ship gold into the UK than by emailing random people.
Protecting your customers
Your customers will be concerned about cyber safety too. If you store things like email address, home addresses and especially payment details, it is up to you to make sure this data does not fall into the wrong hands (or you could be held liable for a huge amount of money).
As well as taking the steps outlined above, you may also want to think about the following steps.
- Encrypt user data.
- Use third party processors to handle customer financial information. This means you only verify that information is correct rather than store it directly (these companies are likely to have more stringent and up to date security measures in place).
- Regularly test your website or computer infrastructure for vulnerabilities.
- Put a disaster recovery plan in place in case data is lost or stolen.
- Take out cyber insurance.
Maintaining cyber security
Once you’re satisfied that your cyber systems and policies are as secure as possible, be sure to stay on top of it. If you can get it right at the start, future maintenance should be largely about checking for updates and continuing to train employees well. Unfortunately, the weakest link in the security chain is often the people who work for you, so time spent on their cyber training is rarely wasted.
Let us match you to your