There is a general mindset that small business is not the ideal target for hackers, but this is far from the truth. Survey statistics from the UK Department of DCMS report that 31% of small businesses identified cyber security breaches in the last 12 months. Worryingly, only 15% had a formal cyber management process in place, which means that about 85% of businesses are unable to respond effectively to a cyber incident.
Looking at the statistics, it is clear that hackers are interested in small business and are getting a high success rate due to the lack of safeguards present within smaller organisations. Your business is at risk when you are unprepared for a cyber breach. Hackers can steal money, sensitive and personal data that can result in damaging your relationships with employees, customers, and vendors.
Most of these cyber breaches involve personal data that must be reported to the ICO within 72 hours after discovery, but due to a lack of security controls in place a business won’t be able to respond. Building up your small business cyber security from the ground up is critical, therefore begin with the cyber security basics to help your business stay safe without spending unnecessary money on huge projects.
The following cyber security basics will help your business to build an effective cyber security management process:
• Malware can delete files or worse encrypt files through Ransomware. Invest in backing up your data, this can be done manually or preferably through an automation tool.
• Stop Malware from infecting your endpoints by investing in a business endpoint security solution. You get more security and features compared to using free versions.
• Create cyber security policies to help your organisation manage cyber risks. This can also be incorporated with existing data privacy and information security policies.
• A firewall is the main barrier between you and hackers on the internet. Consider investing in a new generation firewall that will give you advanced security but also more visibility on your network.
• Use strong passwords throughout your organisation, try not to reuse old passwords and consider implementing multi-factor authentication wherever possible.
• Manage mobile devices, to protect business information outside the network. This can be done by creating policies and implementing mobile security controls.
• Create an inventory of all the assets you want to protect and establish a mechanism to detect any changes. Invest in a good remote monitoring agent.
• Label all personally identifiable information under your control. This is a good prerequisite before starting a formal GDPR compliance program.
70% of cyber security breaches happen due to human interactions such as downloading malicious files and interacting with phishing emails. Continual staff awareness training is essential in order to help your employees deal with these threats; they are the last line of defence to protect your business against cyber attacks.
Implementing a web filtering solution allows an organisation to both protect its users from accidentally browsing to malicious sites, as well as gain visibility into, and control over, browsing habits.
Don’t get bogged down by a bunch of technical jargon or the fear of cyber threats. Instead, focus on the following after implementing the basics of cyber security:
• Start with a cyber security risk assessment or health check
• In order to prevent losing momentum when implementing a cyber security program, consider designating the responsibility to someone who can manage the process. Remember there is no perfect solution to stop all cyber threats, it will be a continual layered process defending your business.
• Awareness and transparency for all decision makers in the business is crucial, do this by making cyber security a permanent entry on the agenda of executive meetings. This will introduce the process to integrate cyber security into the overall business strategy, attributing to the business risk management policy.
• You are not alone, reach out to cyber security professionals for help!
Written by Tiaan Jonck, Security Analyst, Conosco