- 22 February 2018
- Posted by: Danielle Donaldson
- Category: Cyber Security
According to the UK government’s Cyber Security Breaches Survey 2017, roughly 1 in 2 small or medium-sized enterprises (SMEs) experienced a cyber security breach within the preceding 12 months. With SMEs accounting for 99.9% of Britain’s 5.5 million private sector businesses, it is clear that adequate cyber security has become a necessity for almost all businesses.
Small businesses are becoming increasingly aware of the very real risks of being online, and not just online businesses: any business with an online presence is exposed. Even something as seemingly innocuous as sharing one weak password across all your company’s social media accounts can lead to those accounts being hijacked for malicious purposes.
The WannaCry ransomware attack made global headlines in 2017, infecting over 230,000 computers in over 150 countries, including large organisations such as FedEx, the NHS and Telefónica. As the number of cybercrime and ransomware attacks continues to rise each year, it is safe to assume that WannaCry will not be the last large-scale attack, and that later ones may be more damaging.
There are cyber security strategies to suit any budget, and it doesn’t always have to be expensive. The most cost-effective cyber security plan is education.
Train employees to recognise phishing attempts
Staff awareness is crucial. We’ve all been on the receiving end of spammy emails, and would like to think that we could never fall victim to such obvious traps. But deliberate attacks incorporate social engineering, and aren’t always as obvious as a stranger wanting to share their lottery winnings with you. A common case is a sender address forged to resemble internal correspondence: a seemingly harmless email from a colleague linking to an external website. Employees see a familiar name in the From field and have no reason to doubt it. Bear in mind that the From header and the display name are set by whoever sends the message; unless your mail domain publishes SPF, DKIM and DMARC records and your mail gateway actually enforces them, nothing stops an outsider from putting a colleague’s name on a message.
If you receive an email containing links or attachments that you were not expecting, verify that they are safe before opening them, ideally by contacting the apparent sender through a channel you already trust (a phone call, or a fresh message to their known address) rather than by replying. Hovering over a link reveals the real destination URL, and that is what matters: the visible link text can say anything, and a lookalike domain (an extra letter, a digit in place of a letter, or a different top-level domain) is easy to miss at a glance.
Premium anti-malware software can protect employees from phishing, viruses, spyware and more, in real time. Windows already has protection built in (Windows Defender and SmartScreen), but you need to keep it enabled, updated and monitored to get the benefit.
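The two checks above (the real sender domain behind a friendly display name, and the real link target behind the visible link text) are easy to automate. The following Python script is an added example written for this article, not code from the original post; it uses a constructed sample message and assumes a hypothetical company domain of example-corp.com. It is a triage aid on the mailbox side only and does not replace SPF, DKIM and DMARC enforcement at the mail gateway.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed company mail domain (hypothetical).
INTERNAL_DOMAIN = "example-corp.com"

# Constructed sample message, not a real capture: the display name and the
# visible link text look internal, but the real sender address and the real
# link target use a lookalike domain ("examp1e" with the digit one).
SAMPLE_EMAIL = """\
From: "Alice Morgan (Finance)" <alice.morgan@examp1e-corp.com>
To: bob@example-corp.com
Subject: Updated supplier invoice
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hi Bob, please review the invoice here:
<a href="http://portal.examp1e-corp.com/login">https://intranet.example-corp.com/invoices</a></p>
<p>Thanks, Alice</p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Hostname of a URL; bare 'host/path' strings are treated as http URLs."""
    url = text if "://" in text else "http://" + text
    return (urlparse(url).hostname or "").lower()


def looks_like_url(text):
    return "://" in text or (" " not in text and "." in text)


def is_internal(host, internal_domain=INTERNAL_DOMAIN):
    return host == internal_domain or host.endswith("." + internal_domain)


def check_message(raw, internal_domain=INTERNAL_DOMAIN):
    """Return a list of human-readable warnings for a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. The sender: the display name is free text chosen by the sender, so
    #    only the domain of the actual address is worth checking.
    sender = msg["From"].addresses[0]
    if not is_internal(sender.domain.lower(), internal_domain):
        findings.append(
            f"sender {sender.display_name!r} uses external domain {sender.domain!r}"
        )

    # 2. The links: compare what the recipient sees with where the href really
    #    goes (what hovering over the link would reveal).
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            target = host_of(href)
            shown = host_of(text) if looks_like_url(text) else ""
            if shown and shown != target:
                findings.append(f"link text shows {shown!r} but points to {target!r}")
            elif not is_internal(target, internal_domain):
                findings.append(f"link {text!r} points to external host {target!r}")
    return findings


if __name__ == "__main__":
    for warning in check_message(SAMPLE_EMAIL):
        print("WARNING:", warning)
```

On the sample message it reports both problems: the sender address is on the lookalike domain, and the link text shows an intranet address while the href goes to the lookalike host. The domain comparison is deliberately strict (exact match or a subdomain of the company domain), so example-corp.com.evil.test would still be flagged as external.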
Keep software updated to the latest patch
As annoying as it may be to constantly have to update your software (we’re looking at you, Windows!), there’s a reason why vendors push you to update as soon as a new release becomes available. Most of the time these aren’t just new features and designs; they contain important security patches. WannaCry is the clearest example: it spread through a Windows SMB vulnerability that Microsoft had already patched (MS17-010) two months before the outbreak, so the machines it hit were the ones that had not been updated.
New vulnerabilities and exploits are discovered on a daily basis, and software companies work hard to keep up with all the innovative new ways that attackers find a way in. Turn on automatic updates wherever you can, and keep a simple inventory of the software and devices you run so that nothing is forgotten.
Use strong, unique passwords
It can be tempting to re-use the same password across all your accounts, but this just means that once someone gets hold of one account, they have access to all of your other accounts. It’s always advised to use a different password for each of your accounts, as you would a different key for every door or car you have access to. Yes, it may be inconvenient, but the advantage is increased security. As for how often to change them: change a password promptly when it may have been exposed (a breach notification, a phishing attempt that someone fell for, a leaver who knew it) rather than on a fixed schedule, which tends to produce predictable variations of the old password.
Passwords should be strong and, above all, long; a random string of 16 or more characters mixing uppercase and lowercase letters, numbers and special characters (where allowed) is a good target. By using a password manager, or a password generator to create a random password every time, no imagination is even required, and the manager takes care of remembering them.
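As an added example (not from the original post), here is how a password generator should be built in Python: draw from the operating system’s cryptographic random source via the secrets module rather than the random module, enforce the character-class mix by rejection sampling rather than by fixing positions (which would reduce randomness), and compare the entropy that different policies actually deliver. The Diceware word-list size of 7776 is the only external figure used; everything else is constructed here.

```python
import math
import secrets
import string

# 94 printable ASCII symbols, excluding space.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def has_all_classes(password):
    """True if the password has at least one lower, upper, digit and symbol."""
    return (any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))


def generate_password(length=16, require_all_classes=True):
    """Draw a password uniformly at random from the CSPRNG (`secrets`, never
    `random`). When all four classes are required, rejection sampling keeps
    the result uniform over the accepted set."""
    if length < 1:
        raise ValueError("length must be positive")
    if require_all_classes and length < 4:
        raise ValueError("need at least 4 characters to cover all classes")
    while True:
        password = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not require_all_classes or has_all_classes(password):
            return password


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string: length * log2(alphabet size).
    The composition requirement shaves only a fraction of a bit off this."""
    return length * math.log2(alphabet_size)


def compare_policies():
    """Entropy of a few common policies, to show what length buys.
    7776 is the size of the Diceware word list."""
    return {
        "8 chars, all classes": round(entropy_bits(8, len(ALPHABET)), 1),
        "12 chars, all classes": round(entropy_bits(12, len(ALPHABET)), 1),
        "16 chars, all classes": round(entropy_bits(16, len(ALPHABET)), 1),
        "4 random Diceware words": round(entropy_bits(4, 7776), 1),
        "6 random Diceware words": round(entropy_bits(6, 7776), 1),
    }


if __name__ == "__main__":
    print("generated:", generate_password(16))
    for name, bits in compare_policies().items():
        print(f"{name:26s} ~{bits} bits")
```

The comparison is the useful part: eight characters with every class mixed in is about 52 bits, the same as four random dictionary words, while sixteen characters is over 100 bits. Length, not cleverness, is what makes a password resistant to offline guessing, and a password manager makes long random strings painless.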
Evaluate different employees’ account permissions
Not all employees need the same privileges. Grant access based on what the person’s role actually requires (the principle of least privilege), and review it when roles change. There also needs to be a procedure in place for when employees leave: disable their own accounts promptly, remove them from shared mailboxes and groups, revoke any keys or tokens issued to them, and change the password on any shared account they knew. Shared accounts are best avoided for exactly this reason, since the only way to revoke one person’s access is to reset it for everyone.
Ensure you are GDPR compliant
GDPR takes effect on 25 May 2018, and is more than just a bureaucratic headache; it protects your customers’ privacy and enforces good cybersecurity practice. It requires data protection by design and by default, and security measures appropriate to the risk, so you are essentially “baking in” user and customer security: you have to assess the risks to any personal data your business handles and put proportionate controls in place. GDPR affects small businesses just as much as it does larger organisations. Even if your company is not based in the EU, if you offer goods or services to people in the EU, or monitor their behaviour, you are affected. That includes customers in the EU purchasing from your company and, where you target them, visitors to your website from the EU.
Small companies tend to believe that cyber security measures don’t apply to them, underestimating the value of their data and adopting a “this would never happen to me” attitude. Sadly, cyber criminals target organisations of all sizes, and the smaller fish are often the easiest targets, precisely because they have the fewest defences.