UK small businesses are at increasing risk of a cyber-attack.

Here’s how to protect yourself against cyber-crime..

Unfortunately, it’s not at all uncommon these days to hear about a well-known big business falling victim to a cyber-attack.

But you might be surprised to know it’s not just big business that suffers.

According to the Cyber Security Breaches Survey 2018, 43% of UK small businesses have suffered an attack in the past 12 months.

Only 14% of them have effective measures to ease any weaknesses.

The most common attacks reported were fraudulent emails, followed by cyber criminals impersonating an organisation online.

If you’re a sole trader or small business, how can you protect yourself against these and what are the repercussions if you don’t?

Your smartphone can be a target for cyber criminals

Chances are that you use a small digital device, such as a smartphone, to run elements of your business. A recent Norton Cyber Security Report estimated that 35% of people worldwide have at least one unprotected digital device which leaves them vulnerable to cyber-attacks.

It’s vital that all the devices brought into your business are secured with very strong passwords, which are regularly changed. You should also make sure the devices have up-to-date security software installed.

Make sure your team understands your security measures

It could be a useful exercise to run a cyber-attack training session for your team.

The price for this would be a fraction of the potential cost to your business of a cyber-attack.

Advice, such as; thinking twice before opening attachments, not clicking on links sent within an email and not using their work computer for personal business, can reduce the risks.

Cyber security is the responsibility of everyone in the business. It only takes one click to fall foul of an attack. It’s not something you can opt-out of either, everyone has to be on-board.

Restrict access to important data

Some critical data will always need to be held but make sure you restrict access to it to the people who need it.

When a staff member leaves the business, shut down their account as quickly as possible and change passwords.

If someone has left with a grudge, they could leak sensitive client information or compromise your system. It wouldn’t be easy explaining to clients why there has been a data breach.
Before hiring new staff, ensure you run necessary background checks and ask for references from past employers.

Install a combination of security software

Use anti-spam, anti-virus, and anti-malware software and make sure you update them regularly. Most computers will come with some software already but there are additional packages you can purchase that run over networks.

There are even some free security software packages available, so do your research and make sure you’ve got the right level of protection for your business.

Have a back-up plan and review it

The chances are you hold a host of information about your clients which you need to keep safe. Use external hard drives or the cloud to back up all your data. Make sure your team understands how to store files properly and securely and review your storage regularly to make sure it’s still suitable.

Are your passwords strong enough?

With so many passwords to remember, it’s all too easy to have the same password for everything. It might be easy to remember your old cat’s name but unfortunately, you’re leaving yourself more exposed to cyber criminals if you don’t use different passwords and change them regularly.

Write your passwords down (so you don’t forget them) and make sure that you have a secure place to keep them. Obviously, passwords and hardcopy files should be kept under lock and key. Another option is to use a password management tool, such as LastPass that you can use to generate very strong passwords and keep track of all them safely.

Don’t forget that if you have employees, this policy should be explained to them and you should ensure they change their passwords often. If you are running PCs over a network the best way is to configure your systems to expire passwords automatically every two months and not accept any new ones that have already been used.

What’s the worst that can happen?

The fact is, whether you sell on the web, hold client or customer information online or keep any other sensitive data, you are a potential target for cyber criminals.

If you don’t protect online information properly, it could be a disaster waiting to happen.

A data breach can lead to loss of clients, lost revenues, a fine, legal costs, damage to your reputation and a lack of future trust.

The National Cyber security Alliance estimates that up to 60% of small businesses go out of business within just six months of a cyber-attack.

You wouldn’t leave your house or office and not lock the doors and windows and Cyber security should be considered in the same way.

To summarise:

  • Make sure your staff are informed about cyber security
  • Think about your passwords
  • Install suitable security software to all devices
  • Review your policy regularly
  • Back up your data
  • Only give access to those people that need it
  • Don’t bury your head in the sand and hope it doesn’t happen to you.

 

The National Cyber Security Centre has produced a helpful checklist for small businesses and there is also one aimed at charities.

We take your security seriously.

As a business that holds sensitive information about our clients, cyber security is very important to us. Perhaps we can share with you how we protect ourselves against cybercrime.

We love to help businesses grow, so please give us a call or come and visit us at one of our THP offices located in CheamChelmsfordWansteadSaffron Walden and London City.

Join The Conversation
ICAEW
Member of the Legal Services Guild
Sign up for our Newsletter