Jan 30, 2020
October 31, 2019
Cyber Security: Trick or Treat?
Did you know that October isn’t all about Halloween? October also marked European Cyber Security Month and in the business world, few things pose more of a threat than viruses and phishing emails.
Small businesses are not immune from these threats, if anything small businesses are particularly susceptible to breaches and hacks simply because their limited resources can leave them unprepared.
The best advice is to not leave your business open to a nasty fright and take these five steps to improve your cybersecurity and protect your business.
1. Assess your Environment
Before you can start to put appropriate defences in place, it’s important for businesses to understand where they currently stand. Cybersecurity assessments should be carried out periodically and are designed to highlight any strengths and to potentially identify any weaknesses. This will provide an opportunity to react to these weaknesses before they become a vulnerability that attackers can exploit.
It’s also recommended that staff are involved in this activity to help increase awareness of cybersecurity across the organisation, helping to instil a cyber-culture from the top down.
2. Instilling a Cyber Culture
Setting the tone from the top and leading by example will help create a culture where everyone within the company is being vigilant & adhering to cybersecurity policies, such as password rules. This is important, as people are often the weakest link when it comes to cybersecurity and human error can be the most difficult element to control.
Ensuring staff are properly trained is also essential when attempting to create a cyber-culture. This can also help keep your business safe from one of the most popular & effective attacks: phishing. Employees need to understand everything that is possible in a phishing attack, and what details to be on the lookout for. The first instalment in our Cybersecurity workshops focusing on preventing phishing attacks is a good starting point for your staff. Download it free here.
3. Keep Software up to Date
The reason for new software updates being released is because bugs have been identified, which provides an opportunity for attackers to exploit the vulnerability and potentially steal information, penetrate networks and cause severe damage to your company.
That’s why it’s important not to ignore those pop ups that always seem to appear at the most inconvenient time, it’ll almost certainly cost you less time to install an update than it will to deal with an actual breach. Consider routinely checking all major software on at least a bi-weekly basis and apply any required patches or updates.
4. Encrypt and Back up your Data
Encrypting your data is another proactive way to improve your business cybersecurity. By encrypting your data then you are rendering it useless if it does fall into the wrong hands. As a minimum all sensitive data such as customer information, employee information and business data should encrypted. This provides an extra layer of defence should your data be compromised in some way, as you will know attackers still can’t access it.
Additionally by backing up your data on a regular basis, you will be able to quickly recover in the event of data loss and restore business. It also puts your business in a better position should you come under a malware attack where attackers take control of your systems and then ask for a ransom to have your data restored. The most well-known case of a ransomware attack was ‘WannaCry’, which majorly affected the NHS in 2017. In this scenario, hackers were able to gain access by exploiting a Microsoft vulnerability – another good reminder to run any outstanding software updates.
5. Have an Incident Response Plan
Understanding that all the protections and defences you put in place will never be 100% effective is an important part of implementing an effective and comprehensive cybersecurity strategy, as it enables you to design an incident response plan.
Being able to react effectively if your organisation does experience a successful attack is essential. It should include elements such as data recovery processes, who is responsible for which part of the response and even how to communicate to organisational stakeholders when necessary.
As new threats are emerging every day and cyber criminals are becoming more organised it can be overwhelming for a business to keep up with all the latest cybersecurity protection. We hope this blog is a good starting point for your small business and if you want to find out more about improving your cybersecurity, visit our Resource Centre to download our three Cyber Security Workshops.