Protecting your small business from cyber attacks

Regardless of the size of your business, everyone needs to be aware that almost 60% of UK small and medium-sized enterprises (SMEs) have been a victim of a cyber-attack. These attacks on SMEs have increased year on year and in 2015, 50% of all cyber-attacks on UK businesses were focused on smaller organisations. Our focus as a managed service provider is to minimise any potential risk of a cyber attack on any one of our client businesses.

No business is too small to be a target!

If you are thinking of starting up your own business or already own one, you need to understand your cyber security and prepare to defend yourself and your business from attackers. You can contact us to help do this for you.

Why are so many SMEs so unprepared?

The world of start -ups and small businesses is hectic, fast paced and full of quick decisions. Many business owners do not have time to consider the full potential risk and damage that a data breach or malware issue could bring about. With that being said, they are quick to embrace cloud technology and its many benefits. The question I find myself asking is – why are they not thinking about cyber security?

In essence, this answer is relatively simple. The majority of small businesses consider themselves to be safe due to having anti-virus software installed to prevent cyber-attacks. It is also common belief that data is safe once stored in the cloud.

This is a worrying misconception! Whilst an anti-virus is a great step in the right direction for security, it is only a small step and certainly not the all-encompassing solution many businesses believe that it is.

How can I fully protect my business from cyber attacks?

There are many ways that a small business can defend themselves from a cyber-attack. See below for 5 useful tips that small businesses can use to defend themselves :

Data encryption

As a new concept to many, encryption is a difficult one to fully grasp. That being said, it is a necessary part of protecting a business’ sensitive data. An entry level description would be the process of scrambling text to render it unreadable to any unauthorised readers without the cipher (permission) to read it. You can encrypt many areas of your devices such as; individual files, folders, volumers or even entire disks, as well as USB drives and files stored in the cloud!

Encryption can be available to devices or areas where information is stored or in transit, such as:

  • Internet traffic

  • USB and external drives

  • Complete hard drives

  • Cloud storage

  • Password

As a trusted and well-established managed service provider (MSP) we have our favourite ways of doing this on a large scale, such as using BitLocker for Windows devices.

Malware protection

Malware is a general term for any and all malicious programs such as trojans and ransomware that could steal data, hold a business at ransom and cripple your business.

What you can do to protect your business from malware:

  • Install anti-malware and end-point solutions on all systems to keep your systems safe.

  • Keep your software and browsers up to date.

  • Consider restricting access to non-business websites to lessen the risk of being exposed. Approach an MSP to help deliver this across your business.

Our commonly used systems and anti-malware solutions are BitDefender, Malwarebytes and Microsoft Security Essentials.

Protect your network

It isn’t easy to maintain a fully secure small business network, however it is crucial for security. Increasing the protection of your networks (including wireless networks) against external attacks using firewalls, proxies and other measurements is paramount to keeping your business’ data and security at full strength.

Check that your are using the standard WPA2/PSK for your Wifi. This is the latest and best option for security in most SMEs. You can check this in the admin section of your router in the security options section.

Get an SSL Certificate

An SSL Certificate is extremely important for any business that takes payments in their website. This connection is encrypted and secures sensitive data such as card information, logins/passwords and data exchanged during the user visit.

It is also worth noting that should you be looking into SEO for your business. Google takes HTTPS into consideration when looking at your website.

Employee training

Almost 95% of business cyber attacks feature some sort of human error somewhere along the process. This can range from leaving physical doors unlocked to accidentally giving away a password via communications or social engineering.

The best and easiest way of minimising this risk is to make sure your team is fully trained in all business security processes and is aware of the dangers that not following this training can create. Training should include:

  • How to create a secure password.

  • How to safely and securely back up their work.

  • Make sure they know how to keep their machine clean.

  • Email security and processes for suspicious incoming emails with attachments, which should not be opened.