Over 40 per cent of cyber attacks logged during 2015 were aimed at small companies. Criminals sought to exploit their digital weaknesses in order to steal sensitive information and disable their websites. Tony Neate, CEO, Get Safe Online, outlines his top tips to help businesses protect themselves against cyber threats.
The internet is now one of the main places to do business, and brings a wealth of opportunities and benefits, especially for small businesses. In fact, the ability to safely email, store data, work and transact remotely, and operate a website is crucial to everyday operation, success, and the ability to grow. Hand-in-hand with this comes a large element of risk, however.
Every day, cyber criminals are looking to use the internet to steal private information, money or disrupt how business is done. As such, it's vital that businesses do all they can to protect themselves online. Here are five tips to help you do just that:
1. Know your enemy
Threats to businesses can take a number of forms. These include: theft or unauthorised access to computers or other mobile devices; a remote attack on the company's IT system or website; attacks on information held by third-party vendors; or even gaining access to information through staff. Be aware of all the possible entry points and potential weaknesses.
2. Plan ahead
For smaller businesses, a systematic approach to security is key. This starts with an effective business security plan. To do this, businesses need to review their own skills and knowledge, determine if they need outside help, and then review any potential threats and risks which may affect their business
3. Prevent, detect and respond
Once the plan is in place, the next step is to implement procedures to prevent, detect and respond to security threats. This means installing anti-virus solutions on all systems, and keeping your software and web browsers up-to-date. Consider restricting access to inappropriate websites to lessen the risk of being exposed to malware, and create a policy governing when and how security updates should be installed. You can also increase protection of your networks, including wireless networks, against external attacks through the use of firewalls, proxies, access lists, for example. For home and mobile working, ensure that sensitive data is encrypted when stored or transmitted online so that data can only be accessed by authorised users.
4. Think physical
Cyber threats aren't just online, they can be introduced by someone within the company or a third-party, such as a contractor. It's therefore important to restrict staff and third party access to IT equipment, systems and information to the minimum required. Plus, keep items physically secure to prevent unauthorised access. It may also be wise to restrict the use of removable media such as USB drives, CDs, DVDs and secure digital cards, and protect any data stored on these to help stop data being lost and to prevent malware from being installed. Also, maintain an inventory of all IT equipment and software, and identify a secure standard formation for all existing and future IT equipment used by your business.
5. Instil a cyber culture
People are often the weakest link when it comes to cyber security, so make sure staff are properly trained around using technology securely. Setting the tone from the top and leading by example is equally, if not more, important as this should help create a culture in which everyone within the company is being vigilant and working to combat cyber threats.