Cyber Security for Your Small Business

Cyber attack is a real threat to any business, but many small business owners don’t prepare thoroughly, often because they feel that there’s nothing they can do. There is evidence that small businesses are more vulnerable to cyberattacks, and it’s important to protect your business. The good news is that there are things you can do, even without the resources of a larger company, so in this article we’ll look at how you can protect your small business from cyber threats.

What we mean by “Cyber Security”

Cyberattacks are usually aimed at accessing, changing or destroying sensitive information, and are often carried out for profit by organised cyber criminals. “Cyber security” is any action you take to protect your business from such digital attacks.

Why is it important?

If a criminal gains access to your network, they can gain access to:

  • Customer lists and contact details

  • Customer credit information

  • Your company banking details

  • Your pricing policies

  • Intellectual assets

Criminals may also use their access to attack other companies who do business with you, like your clients and suppliers. In fact, cyberattacks can have such a devastating effect that 60% of small businesses that fall victim close down within six months of the attack. The consequences can include:

  • Financial losses from theft of banking information

  • Financial losses from disruption of business

  • High costs to rid your network of threats

  • Damage to your reputation after telling customers their information was compromised

Steps to protecting your business

Here are some actions you can take to protect your small business…

Back up your data

Any business, however big or small, should take regular backups of business-critical data. If your backups are recent, secure and can be easily used to restore your system, you’re more secure against ransomware attacks and other causes of data loss.

  • Identify any data that your business cannot run without. This could include documents, photos, emails, contacts and calendars.

  • Keep your backup separate from your computer. Backups should not be permanently connected to the device holding the original copy – either physically or over a local network. If possible, consider storing backups in a different location, so fire or theft won’t result in you losing both copies.

  • Consider using cloud storage (where a service provider stores your data on their infrastructure). This means your data is physically separate from your location, but will be easily available to you. Service providers can supply data storage and web services without you needing to invest in expensive hardware. Most providers offer a limited amount of storage space for free, and larger storage capacity for minimal costs to small businesses.

Guard against malware

Malicious software, or malware, is software that can harm your business. The best-known type of malware is viruses, which are self-copying programs that can “infect” legitimate software. Here are some things you can do to limit the risk:

  • Deploy antivirus software on all computers and laptops. AV software is often included free with popular operating systems, and you may just need to click “enable” to make your system safer.

  • Keep your IT equipment up to date. Ensuring all IT equipment, including smartphones, tablets, laptops and PCs, is running the latest versions of software and firmware is one of the most important things you can do to improve security.

  • Switch on your firewall. Most popular operating systems now include a firewall, which will act as a “buffer zone” between your network and the internet.

Keep mobile devices safe

Your smartphone or tablet may be as powerful as a desktop computer, and many small business owners run their business “on the go”. Because these devices are often used away from home or office, often on public Wi-Fi networks while surrounded by strangers, it’s vital to keep them secure.

  • Use strong passwords, and enable face/fingerprint unlocking.

  • Make sure you know how to track, lock and wipe your device if it’s lost or stolen.

  • Always install software updates as soon as possible.

  • Make sure you’re using the latest version of all your apps, particularly any productivity, accounting or financial apps you use.

  • Use tethering (connect using your 4G or 5G mobile network) instead of Wi-Fi hotspots whenever you can. Never connect to a hotspot if you’re not sure who’s running it.

Use passwords correctly

Password protection, when implemented correctly, is a free and effective way to prevent unauthorised access to your systems and devices. However, failing to follow best practice can significantly reduce the effectiveness of your passwords, and therefore reduce the protection they offer:

  • Set a screen lock password on all your devices, including desktop PCs, laptops, smartphones and tablets.

  • Don’t repeat the same password. If your details are compromised in a data leak, criminals may try that password against all your accounts, so make sure all your passwords are unique.

  • Make your passwords as long as possible, with a mixture of upper and lower case letters, numbers and special characters. Avoid using predictable passwords.  

  • Consider using a password manager, and make sure you can reset your password easily if you forget it.

  • Always change from the manufacturer’s default password. 

Avoid phishing attacks

“Phishing” is where fake emails are used to trick you into sharing sensitive information. The criminals might try to use this information to steal from you directly, or they might use it in another scheme aimed at your business, your clients, suppliers or business partners. Phishing emails are getting more sophisticated and some will get past even the most vigilant of users, but here are some things you can do to minimise the risk:

  • Look for common signs like spelling or grammar mistakes or poor-quality logos.

  • Check if the email address makes sense for the company that it apparently comes from.

  • Resist false urgency – if the email threatens consequences if you don’t reply in time, or claims you’ve already been the victim of fraud and must act urgently, take a few minutes to evaluate it carefully before acting. No situation will get worse in the time it takes to carefully re-read an email.

  • If you receive unusual requests, apparently from business partners, suppliers, clients or colleagues, check them using a different method of contact.

  • Fine tune your email filter. Your email filter will attempt to block phishing attacks, but the rules will need to be tailored to your particular business. Too open and you’ll spend a lot of time evaluating scam emails, too strict and you’ll miss legitimate messages, so you may need to tweak the rules over time to get the balance right.
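
The address, reply and urgency checks above can also be run automatically over a message’s headers. The Python sketch below is an added example, not part of the original article; the sender list, the urgency phrases and the sample message are constructed assumptions that you would replace with the companies your business actually deals with.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brands you deal with and the domains they really send from.
KNOWN_SENDERS = {"example bank": {"examplebank.co.uk"}}
# Assumption: a short, illustrative list of pressure phrases.
URGENCY = ("act now", "immediately", "within 24 hours", "account suspended")


def domain_of(address):
    """Return the lower-cased domain part of an email address."""
    return address.rpartition("@")[2].lower()


def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def phishing_signals(raw_message, known_senders=KNOWN_SENDERS):
    """Return a list of warning strings for one raw email message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    signals = []
    # Does the address make sense for the company it claims to be?
    for brand, domains in known_senders.items():
        if brand in name.lower() and not domain_matches(from_domain, domains):
            signals.append(f"claims to be {brand!r} but sent from {from_domain}")
    # Replies going somewhere other than the sender's domain.
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        signals.append(f"replies go to {reply_domain}, not {from_domain}")
    # False urgency in the subject or body (plain-text messages only).
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [p for p in URGENCY if p in text]
    if hits:
        signals.append("urgent wording: " + ", ".join(hits))
    return signals


# Constructed sample message, not a real email.
SAMPLE = """From: "Example Bank Security" <alerts@examplebank-secure.example>
Reply-To: helpdesk@mail-collect.example
Subject: Account suspended

Confirm your details within 24 hours or lose access.
"""

if __name__ == "__main__":
    for s in phishing_signals(SAMPLE):
        print("-", s)
```

An empty result does not mean a message is safe; unusual requests should still be confirmed using a different method of contact.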

If you have questions or if we can help in any way, please call our expert team on 01296 468483 or email info@orangegenie.com.
