According to the government’s latest Information Security Breaches Survey, when a small or medium-sized UK company (SME) is hit by a serious security breach, the average cost to the business is upwards of £65,000. A third of small businesses were hit by a cyber attack in the previous year; yet when it comes to staying safe, 22% admitted ‘not knowing where to start’. If this sounds familiar to you, read on to find out how a combination of technology, good housekeeping, and common sense can help keep your business protected.
Cybercrime: what does it mean?
Information (or ‘data’) is valuable; and this, essentially, is what cyber criminals are looking for. If a business sells products or services either on or offline, criminals would tend to assume that such a business will be in possession of rich pickings in the form of customer contact and credit card details or other sensitive and confidential data. For other types of businesses, the data worth targeting might be linked to commercially valuable intellectual property and/or financial information concerning the business directly.
The ‘cyber’ element refers to how this data is accessed by the criminal. Depending on your business, this data is likely to be stored on a single computer, a shared drive on a network, or else remotely via the cloud (if you use cloud storage on Office 365 for instance, or if you use a cloud-based CMS for your ecommerce store). Using the internet, cyber criminals attempt to find a ‘way in’ to access this data.
What form can a cyber attack take?
You might imagine hackers as clever whizz kids, but the reality is often much less glamorous. More often than not, their way into a small business system is to guess a blindingly obvious password, or even to hoodwink people into willingly handing over sensitive information through an official-looking email.
Malware (short for “malicious software”) is another way in. A virus is a form of malware: a type of computer programme that replicates itself and has the ability to corrupt your data, rendering it unusable and potentially putting your business out of action until the problem is fixed. Spyware is another variant. Once inside your computer it is designed to identify and transmit data, often focusing on especially valuable information such as credit card details.
Yet even in the case of malware, cyber criminals often rely on a triggering action on the part of the potential victim for the threat to become active. According to the Information Commissioner, 93% of cyber security breaches in Q4 of 2014-15 were down to human error. People are the weakest link in the security chain, so if you know what to look for and what to avoid, you can massively reduce your chances of being hit.
How should you protect your business?
There isn’t a single quick fix to download and install that will shield you from each and every threat. For small businesses, staying protected means taking a series of precautions. These are likely to include the following…
Stick with reliable service providers
With many types of business services, such as ecommerce platforms and customer relationship management tools, data is increasingly stored remotely in the cloud, where it is secured and managed by the platform owners. Ensure your cloud data is in safe hands by opting for well-known names in this field such as Salesforce and Shopify. Check that the software is compliant with ISO security standards, and check reviews from current users before you buy.
Stay on top of updates
It’s easy to click “Remind me later” each time a prompt appears on your screen to update your system or software. Many of these updates are designed to keep on top of the latest security threats, so always update — don’t be lazy.
Choose safe passwords
The Telegraph recently revealed the top 25 most common passwords. ‘123456’ topped the list, followed by ‘password’. One form of hacking involves guessing usernames and passwords, sometimes with software designed to systematically go through different possible combinations. A strong password is one that cannot be readily linked to you, and that contains a mixture of numbers and upper and lower case letters.
Use firewalls, anti-virus software, and encryption
A firewall is a piece of hardware that provides a barrier between your business and external networks (i.e. the internet). Anti-virus software (Kaspersky or Norton, for instance) checks any newly-installed software, warns you against visiting any suspicious-looking websites, and regularly scans your computer systems — all with the aim of identifying any malware threats.
Encryption tools work on the assumption that even if you are vigilant, you cannot totally rule out the possibility of data falling into the wrong hands. These tools are designed to render data unreadable and unusable to the intruder should a breach occur.
Keeping up-to-date with the latest cybersecurity technology is integral to maintaining your business's security. For further advice on technology and managing the risks faced by small businesses, head over to our help centre.