In the age of the data breach, company security has never been more important for businesses of all sizes. While every company should have antivirus and firewalls in place, it can be challenging for small businesses to know which security tools they need and how much to spend.
With so many high-profile attacks frequently in the news, it would be understandable for SMEs to feel that it is impossible to effectively protect their business – especially on a small budget. But effective cybersecurity does not necessarily require large amounts of money. The key to improving security is to identify weaknesses and protect against the simple things that could put your data at risk.
While cybercrime may feel high-tech and elaborate, the truth is that email is still one of the most accessible ways for hackers to gain access to your network. Phishing is a technique that is incredibly popular because when it is done well, it can be difficult to detect. By sending emails that appear to be from a colleague or reputable company, the hacker is able to collect sensitive information which can then be sold or used to conduct a wider attack.
While security tools can scan emails for suspicious attachments, it is down to the user to identify risk with phishing emails. The first step is staff training to ensure that suspicious communications are identified and flagged.
An inexpensive but vital step to boosting company security is to make sure there is a simple process in place for reporting potential phishing. Misplaced confidence or doubt on the employees’ part could put your company’s valuable data at risk, so make sure that they are trained to recognise suspicious emails and activity.
There is no time like the present for establishing a robust policy around company passwords. Using strong passwords may sound like simple advice, but despite years of warnings, most people prefer convenience to security and still opt for the simple, memorable passwords over more complex, secure ones.
The simplest way to balance convenience and security is to use a password manager tool. This will remember all of your complex passwords for you, and many even help to generate new passwords. All you have to remember is the single password for the tool.
Logins are not the only type of password that needs to be carefully monitored. Be sure to use strong passwords for every device connected to your network. As IoT becomes more popular, many offices may now include voice assistants or other internet-based devices. These kinds of devices offer simple setup, but be wary. Unless you change it yourself, most will be using a simple default password. Adding a device with a default password is the equivalent of adding locks to your door and then leaving it ajar – if it is spotted, you are giving hackers an easy backdoor into your network.
Another simple step is to enable two-factor authentication wherever possible on your network. This is an easy way to increase your security, making it harder for hackers to change passwords and access data. While two-factor authentication is not always a default setting, it should be activated wherever possible.
Patches and updates
The importance of regularly installing patches and updates cannot be overstated. While they might feel like a nuisance, do not ignore them. Patches are often created in response to a new threat and failing to install them could leave your data vulnerable to a breach.
Anything that connects to your network, including servers and personal devices used for mobile working, has to be running the latest version of its operating system. Many services, including antivirus, offer auto-update options – but these are often disabled for the sake of convenience. This can lead to updates being forgotten, creating unnecessary risk.
While monitoring updates for every device may be beyond the resources of a small business, a combination of updates scheduled for outside office hours and increasing personal responsibility around an individual device can help SMEs dramatically improve their security.
Education and communication
It is an old adage, but your security is only ever as strong as the weakest link. And as 88% of data breaches reported in the UK over the past two years have been caused by human error, educating your staff about your strategy and how to avoid attacks is possibly the most vital step in boosting your security.
Training should be regular and engaging; being dragged into a meeting room for a lecture each month is not going to be effective. Staff need to be sold your vision of cybersecurity and their role in it.
By turning security into something everybody has a role in, rather than something exclusive to the dedicated IT staff, you can build engagement and awareness. This minimises the chances of a breach through human error and makes clear what the processes are for reporting anything that may appear suspicious.
In recent years, ransomware has become a common form of attack. In these instances, the hacker will lock your device and demand payment for the release of your files. In some cases, there may even be a timer increasing the ransom or counting down until the files are destroyed. If you have not prepared with backups this could be potentially damaging and expensive for your company. But luckily, those who do have backups in place will simply need to restore their device to remove this threat.
Cloud solutions are a useful way to ensure your backups are secure. Not only is the backup independent of your hardware, it can be stored away from your office network. An additional bonus is that good cloud services will provide layers of encryption to keep your data protected against the latest threats.
A typical cyber-attack on a UK SME is estimated to cost the company around £53,000 in downtime and ransoms alone. For small businesses, the impact of such a financial hit could be devastating, not least with the potential negative impact it could have on consumer trust with your brand.
While improved security may require an increase in funding for software and training, it will be significantly less than an attack could cost. By planning for the worst, you can ensure that your company is ready, reducing your chances of becoming the victim of a data breach in the first place.
Security is not something to put off. It is vital to not only protect your company from today’s threats, but also those that will come in the future. Threats to cyber security will continue to evolve, and your security needs to adapt along with them. Keeping up with the latest developments and vulnerabilities is vital when ensuring that your SME is protected in the most efficient way possible.