Cyber Security for a Small Business: The Essentials You Need to Know
Why should small businesses worry about cyber security? Put simply, business security incidents come with a heavy cost, no matter how small your organisation. Cyber attacks can cause considerable downtime, hinder productivity, and worse still, damage a company’s reputation.
The global pandemic has increased the risks. With many people working online from home, the new landscape has handed cyber criminals further opportunities to exploit.
The need to protect your business from cyber attacks has never been greater. But like many small businesses, you probably don’t have a specialist IT employee. So, what can you do? This blog discusses the most common cyber security risks for businesses and outlines what you can do to protect your business from cyber attacks.
The Current Landscape
According to Verizon’s 2021 Data Breach Investigations Report, almost a third (28%) of data breaches in 2020 involved small businesses, and more than 22% of small-to-medium-sized enterprises (SMEs) have suffered a security breach due to a remote worker since the outbreak of COVID-19.
Cloud cyber security specialists, Mimecast, also note how the global pandemic has presented increased opportunities to cyber criminals, observing a 64% increase in email threats as cyber criminals took advantage of the rise in digital activity. Mimecast report that 79% of businesses are hurt by their lack of preparation and that 40% fall short in one or more key areas of cyber security.
The incidence of data breaches is increasing. Yet a survey by KPMG found that just 23% of small businesses prioritise cyber security as a top concern. Many businesses seem to think “it won’t happen to us.” But the KPMG research shows that 6 out of 10 small businesses have experienced a breach.
What is a Cyber Attack?
A cyber attack is any unwelcome malicious attempt to steal, expose, alter, disable or destroy information through unauthorised access to computer systems. There are a variety of ways cyber criminals hack into susceptible systems, including installing malicious software (malware).
Types of cyber attack include:
Phishing is where the hacker takes confidential data such as credit card information, usernames and PINs by pretending to be an authentic enterprise. Phishing emails contain links and may appear to be from a known contact, asking a user to enter credentials for a bogus purpose.
Ransomware is malware that employs encryption to hold a victim’s information at ransom. A user or a business’s critical data is encrypted so that files, databases, or applications can’t be accessed. A ransom is then demanded to provide access.
Logic Bomb is what hackers refer to as ‘slag code.’ The malevolent code is purposefully injected into software to perform a mission when activated by a particular event. It’s not a virus but acts in a comparable manner.
Virus: We’ve all heard about computer viruses, which attach to or contaminate a system or computer files. A virus is also likely to affect other computers that share a network.
Stealing File Transfer Protocol Passwords is a very common technique targeted towards people who are not careful with passwords. Even webmasters who store their website login info on their badly secured PCs are at risk.
Email Bombing describes the most basic version of spamming. A spammer distributes a vast number of emails to a specific email address, causing the victim’s email account or server to crash.
The Consequence of Cyber Attacks on Small Businesses
The consequences of data breaches can be particularly devastating for smaller companies. A poll of more than 500 business leaders found nearly a quarter of UK SMEs (1.3 million companies) would likely go bust if they were forced to deal with the average cost of a cyber attack.
Cyber attacks cause delays in workflow and damage reputation, and poor data security is a barrier to winning contracts. KPMG’s research found that 94% of procurement managers view cyber security standards as important when awarding a project to an SME supplier.
How to Protect Your Business from Cyber Attacks
Most hackers are opportunists. Putting the right protection in place will minimise cyber security risks. The good news is – you don’t have to be an IT expert to implement the basics. Even the most rudimentary strategies go a long way in warding off threats.
Here are some of the essential steps you can take.
Be Aware of Cloud and Software Security
Always choose cloud platforms and applications that offer the highest level of security available and have built-in safeguards to protect against vulnerabilities. Joblogic, for example, is hosted on the world-class Microsoft Azure, which offers robust security and encrypts all data (both at rest and in transit).
Remember, not all cloud-based systems have the same level of security protection. It’s up to you to find out what the safeguards are when you sign up to any service.
Ensure Safety Software is Installed on All Devices
Commit to regularly updating and upgrading the technological tools you use. Install up-to-date antivirus software and malware-fighting tools. McAfee and Norton are amongst the top 10 for antivirus software for small businesses. Most cyber security solutions for small businesses won’t cost the earth.
Keep Data Backed Up
Every business needs an IT disaster recovery strategy. While the main reason for data back-up is to save important files if a system crash or hard drive failure occurs, it also means if you’re the victim of a ransomware attack, or other system breach, you’ll have a back-up plan.
Know your VPNs and Firewalls
Firewalls ensure a ‘buffer zone’ between your own network and external networks. Businesses need extensive firewalls and spam filters. It’s not enough to simply rely on a single operating system’s firewall as this poses a major security risk.
Educate Your Workforce
It is critical to educate all employees and contractors using your business’s networks and systems, including those accessing software on mobile devices. Staff need to know about the dangers of opening suspicious emails even if the identity of the sender is familiar.
Ensure staff only download apps for mobile phones and tablets from manufacturer-approved stores (like Google Play or Apple App Store). Importantly, have a policy on security and IT use.
Staff accounts should offer only the access required to perform their role. Full admin rights should be given only to those who need them.
Plan Security for Offsite and Travel
When travelling or working offsite, you should take additional precautions to guard devices. This should include creating a backup for all files, ensuring all passwords are updated, and checking antivirus software is up to date. Consider removing any sensitive or vitally important documents/information from these devices.
Update Operating Systems
All new versions of operating systems come with additional security features designed to keep evolving methods of cyber crime at bay. Devices do usually update automatically. However, the administrator of any device can regularly check for updates by checking the settings.
Ensure all IT equipment is kept up to date – that includes all tablets, smartphones, laptops and PCs.
Use Smart Passwords and Consider Password Managers
Design a unique password system for all your accounts to keep information safe. Avoid the predictable route of one-word passwords. Use phrases with numbers and capital letters (for example, ‘mydog13July’) to ensure more effective safety.
Always ensure password protection is switched on for all devices and where possible use two-factor authentication.
It’s important that staff can manage their passwords securely. Consider a password manager, such as LastPass, Keeper or Zoho.
If in Doubt, Seek Advice
Lastly, it’s better to seek advice to ensure you are fully protected than leave things to chance. There’s lots of cyber security advice for small businesses on the internet from reputable sources, such as the National Cyber Security Centre’s Small Business Guide: Cyber Security.
Key Takeaway
Small business cyber security matters because SMEs are a top target for hackers. Customers are more concerned than ever about the safety of their data, and cyber security standards are also of increasing concern to procurement managers.
Ignoring cyber security is a risky strategy.
As a small business owner or manager, without the right cyber security protection in place, you are at risk of losing customers, contracts or even your supply chain.
Now is the time for a system and processes overhaul. Ensure your staff and contractors are fully trained in the use of devices offsite, including how to keep passwords safe. Ensure all operating systems are up to date. Enlist the help of an IT expert if you need to. Remember, hackers are constantly evolving tactics, so you need to stay on the ball too.
At Joblogic, we help field service companies plan, manage and optimise their entire business operation in a single system. We ensure security is a top priority. Why not take this opportunity to streamline your business needs? Book a demo with one of our experts today to find out how.