Latest insights

Cyber security for small businesses

When you’re a small business, it’s easy to think that the cyber crime and the massive data breaches you hear about in the news only happens to big companies. The reality is quite different.

According to DC Jon Hill, of Cumbria Constabulary’s Cyber and Digital Crime Unit, cyber crime has increased by 15.2% in the last 12 months. In a 2021 survey of UK businesses, two out of every five businesses reported having at least one cyber security breach in the the past year.

The good news however, is that by following some basic steps which we’ve outlined below, you can significantly increase your protection against for the most common types of cyber crime and protect your company’s data, assets and reputation.

1. Backing up your data

Think about how much you rely on the data in your business. Customers details, quotes, finances,  online bank accounts, important emails and so on. Now imagine how long you would be able to cope without them. All businesses, even if you are a one person show, should be making regular data backups.

  • Step one: Identify what data you need to backup. What data would stop your business from functioning if you suddenly found you couldn’t access it?
  • Step two: Keep your backed up data separate from your day to day computer. Whether you keep it on a USB stick or on a separate computer, you need to make sure that they are not accessible by staff or permanently connected to the device holding the original copy.
  • Step three: Consider the cloud. You’re probably already using cloud applications in your everyday work and personal life. Using cloud storage means your data is physically separate from your location, and it’s easy to access.
  • Step four: Make backing up part of your everyday business. It’s a good idea to get into a regular routine for making sure your data is saved to the cloud or backed up to a safe drive.

2.   Protect your business from malware

Malicious software (also known as malware) is software or web content that can harm your business. The most common types are viruses.

  • Step one: Install and turn on antivirus software.
  • Step two: Make sure your staff are only downloading apps from reputable sources.
  • Step three: Keep all your IT equipment up to date.
  • Step four: Control how USB drives (and memory cards) can be used on the computers in your business.
  • Step five: Make sure you switch on the firewall included in your computer’s operating system.

3.  Using passwords

Everything we do online nowadays pushes us to create log-ins and passwords. Your laptops, computers and mobile devices contain a lot of important data that is protected behind passwords. These steps sound obvious, but you’d be amazed how often these small things slip through the net.

  • Step one: Make sure you set a screen lock password or pin on all devices and computers.
  • Step two: Use two factor authentication for important accounts.
  • Step three: Avoid using predictable passwords.
  • Step four: Consider using a secure password vault app such as 1 Password, Dashlane, or Norton.
  • Step five: Change all default passwords that were set on computers, devices or software when you purchased it.

4.  Make sure you and your team are phishing scam aware

A typical phishing attack is where scammers send fake emails to thousands of people, asking for sensitive information (such as bank details), or containing links to bad websites. They might try to trick you into sending money or steal your details to sell on. They are becoming more sophisticated and harder to spot.

  • Step one: Configure all online accounts to reduce the impact of successful attacks.
  • Step two: Consider ways that someone might target your business and make sure all your staff understand how to spot requests that seem out of the ordinary.
  • Step three: Make sure your staff are encouraged to ask for help or report if they think may have been a victim of phishing. The sooner you know about it, the sooner you can act.

Our final thought is to recommend that you make cyber and information security part of everyone’s job description. Most cyber breaches reach us at an individual day to day level. Your IT team can’t reasonably watch every keystroke of the people in your business.

With a little cyber security awareness and training, together with some consistent actions that keep your data safe, you can dramatically reduce your cyber crime risk.

Useful resources:

Upcoming webinar

DC Jon Hill of Cumbria Constabulary’s Cyber & Digital Crime Unit will be running a webinar on cyber security for small businesses on Tuesday 14th September 2021 at 10.00am