According to the government’s latest Information Security Breaches Survey, when a small to medium-sized (SME) UK company is hit by a serious security breach, the average cost to the business is upwards of £65,000. A third of small businesses were hit by a cyber attack in the previous year; yet when it comes to staying safe, 22% admitted ‘not knowing where to start’. If this sounds familiar to you, read on to find out how a combination of technology, good housekeeping, and common sense can help keep your business protected.
Cybercrime: what does it mean?
Information (or ‘data’) is valuable; and this, essentially, is what cybercriminals are looking for. If a business sells products or services either on or offline, criminals would tend to assume that such a business will be in possession of rich pickings. This could be in the form of customer contact and credit card details or other sensitive and confidential data. For other types of businesses, the data worth targeting might be linked to commercially valuable intellectual property and/or financial information concerning the business directly.
The ‘Cyber’ Element
The ‘cyber’ element refers to how the criminal can access this data. Depending on your business, this data is likely to be stored on a single computer, a shared drive on a network, or else remotely via the cloud (if you use cloud storage on Office 365 for instance, or if you use a cloud-based CMS for your e-commerce store). Using the internet, cybercriminals attempt to find a ‘way in’ to access this data – this is cybercrime.
What form can a cyber attack take?
You might imagine hackers as clever whizz kids, but the reality is often much less glamourous. More often than not, their way into a small business system is to guess a blindingly obvious password, or even to hoodwink people into willingly handing over sensitive information through an official-looking email.
Malware (short for “malicious software”) is another way in. A virus is a form of malware. It is a type of computer programme that replicates itself and has the ability to corrupt your data. It renders it unusable and potentially puts your business out of action until it can fix the problem. Spyware is another variant. Once inside your computer, it can identify and transmit data. It often focuses on especially valuable information such as credit card details.
Yet even in the case of malware, cybercriminals often rely on a triggering action on the part of the potential victim for the threat to become active. According to The Information Commissioner, 93% of cybersecurity breaches in Q4 of 2014-15 were down to human error. People are the weakest link in the security chain. If you know what to look for and what to avoid, you can massively reduce your chances of being hit.
How should you protect your business?
There isn’t a single quick-fix to download and install that will shield you from each and every threat. For small businesses, staying protected means taking a series of precautions. These are likely to include the following…
Stick with reliable service providers
With many types of business services such as e-commerce platforms and customer relationship management tools, data is increasingly stored remotely in a cloud. This is where it is secure by the platform owners. Ensure your cloud data is in safe hands by opting for well-known names in this field such as Salesforce and Shopify. Check that the software is compliant with ISO security standards, and check reviews from current users before you buy.
Stay on top of updates
It’s easy to click “Remind me later” each time a prompt appears to update your system or software. Many of these updates are there to keep on top of the latest security threats, so always update — don’t be lazy.
Choose safe passwords
The Telegraph recently revealed the top 25 most common passwords. ‘123456’ topped the list, followed by ‘password’. One form of hacking involves guessing usernames and passwords, sometimes with software designed to systematically go through different possible combinations. A strong password is one that cannot be readily identified to you. It should contain a mixture of numbers and upper and lower case letters.
Use firewalls, anti-virus software, and encryption
A firewall is a piece of hardware that provides a barrier between your business and external networks (i.e. the internet). Anti-virus software (Kaspersky or Norton, for instance) checks any newly-installed software. It warns you against visiting any suspicious-looking websites and it regularly scans your computer systems. All with the aim of identifying any malware threats.
Encryption tools work on the assumption that even if you are vigilant, you cannot totally rule out the possibility of data falling into the wrong hands. These tools are designed to render data unreadable and unusable to the intruder should a breach occur.
Keeping up-to-date with the latest cybersecurity technology is integral to maintaining your business’s security. For further advice on technology and managing the risks faced by small businesses, head over to our help centre.