Small business cyber security – how to protect your data & reputation
During lockdown, I seem to have developed an appetite for reading modern thrillers. If there’s one thing that connects them, it’s a recurrent theme of cyber-attacks. Whether the protagonists are spies, special forces soldiers or sophisticated organised criminals, a large proportion of them are cyber experts. From hacking into government computers and CCTV systems through to taking control of social media accounts, the acquisition and manipulation of data is key to so many plots. It’s nice, escapist reading – yet it seems worlds away from real-world, small business cyber security.
That said, small business cyber security isn’t a topic to be ignored. According to a study by Hiscox, cybercrime is very much on the rise. 55% of UK firms reported an attempted cyber-attack in 2019. Worse, Hiscox states that the average cost of a small business cyber security breach was £11,000. That’s not exactly small change.
In recent times, we’ve used this blog to cover various aspects of cyber security for small businesses. In case you’ve missed any of these posts, you can follow the links below:
- Email security – useful tips for businesses
- Data theft – top tips for ensuring your business is protected
- Be aware of coronavirus scam emails
- Cyber crime – is your business taking this seriously?
However, we thought now would be a good time to bring this advice together and offer you some more tips concerning small business cyber security.
Free advice from the National Cyber Security Centre
The National Cyber Security Centre (NCSC) is a government organisation that offers advice and support on cyber security to the private and public sectors. Its parent organisation is actually GCHQ and, when it was set up in 2016, one of its first jobs was to work with the Bank of England and advise financial institutions on keeping their online defences secure.
NCSC also has a remit to help small businesses. One of the key ways it does this is via its Small Business Guide: Cyber Security guide. We strongly recommend reading this. It gives you excellent advice on the following topics:
- Backing up your data
- Protecting your organisation from malware
- Keeping your smartphones (and tablets) safe
- Using passwords to protect your data
- Avoiding phishing attacks
The guide offers plenty of practical steps to improve your cyber security and reduce the risk of a successful attack on your data.
Protecting your clients and customers
A breach of customer or client data can be catastrophic for your business. Aside from the nightmare of dealing with compromised data protection, the damage to your reputation could be irreparable.
For this reason, it’s a good idea to take a systematic and more formal approach to cyber security. NCSC recommends that firms consider seeking certification under the Cyber Essentials scheme.
The Cyber Essentials scheme helps you take an objective view of your cyber security. The benefits of doing so include increased reassurance for customers and clients, the possibility of attracting new business and being properly aware of your cyber security level. It’s also worth noting that some government contracts require that you have this accreditation.
How do I sign up for Cyber Essentials?
There are two levels of accreditation: Cyber Essentials and Cyber Essentials Plus. At THP, we have held Cyber Essentials Plus since December 2019.
The basic Cyber Essentials accreditation is based on self-assessment against five basic security controls. If your business has a turnover of less than £20m, it also includes automatic cyber liability insurance.
Cyber Essentials Plus, on the other hand, offers an external technical audit of your systems. A qualified assessor will examine the same five controls, meaning that you get independently verified results. We recommend doing this process for the best insights into improving and maintaining your cyber security. This level also includes the same insurance for firms with turnover under £20m.
You can learn more about Cyber Essentials and sign up for accreditation on this page.
When we went through the Cyber Essentials process, we have to admit it was nothing like being in the pages of a spy thriller. But it was a useful and practical process that helps us to better protect our clients and their data. So, if you want to improve your small business’s cyber security, we recommend doing the same. The NCSC also offers a helpful cyber security newsletter for small organisations, which you can sign up for here.
About Ben Locker
Ben Locker is a copywriter who specialises in business-to-business marketing, writing about everything from software and accountancy to construction and power tools. He co-founded the Professional Copywriters’ Network, the UK’s association for commercial writers, and is named in Direct Marketing Association research as ‘one of the copywriters who copywriters rate’.