Cyber security is one of those issues that many people, both home users and small businesses, are aware of, but it is rarely at the top of their to-do lists.
You need to change your thinking now and get serious about cyber security.
Cyber fraud is increasing every year. It’s increasing both in terms of the number of attacks, and their ultimate cost to businesses. In the past 12 months, 48% of British small businesses have been targeted by cyber criminals.
It’s also estimated that just one successful breach can cost a small business between £75,000 and £311,000. Very few small businesses could survive a loss of that size given the pressures they are already under.
You have to recognise that this is not just an issue for the IT guys – it is a business issue and it can affect any type of company, from accountants and law firms to hairdressers and builders.
Protect your business by educating your business
You don’t have to invest thousands in cyber-crime control systems. But to protect your business, you must learn the basics of cyber security – and share that knowledge with everyone on the network.
That means familiarising yourself with the key forms of cyber-attack, including:
- Hacking, which means a cyber-criminal has gained access to your computer system – perhaps through a program that guesses passwords to one of the systems you use. That’s why you must use passwords that are long, complex, and include a mix of letters, numbers and symbols.
- Malware, which means malicious software that enables cyber-criminals to access your systems and devices, and disrupt them or even take information from them. This includes spyware, which can help to obtain your passwords – and is commonly used to steal internet banking passwords. Other forms of malware can allow a criminal to remotely control your devices, while ransomware can lock files or systems on your computer until you pay a fee to unlock them.
- Phishing, which is something we’ve probably all dealt with, means emails sent by cyber-criminals pretending to be someone else. The aim, of course, is to get us to provide desirable information like bank details or security passwords. While some are so poorly written that they’re easy to detect, they’re becoming increasingly sophisticated, and can even seem to come from legitimate sources that we’re familiar with.
Conduct a cyber security audit
Conducting a cyber security audit might sound complicated and expensive, but it’s neither. It’s about common sense, good practice, and following simple tips that are all widely available.
At the very least, you need to have a decent, up-to-date firewall installed. Ideally, you should also have antivirus software to protect your systems from malware. Neither needs to break the bank, and you can buy products that combine both features for as little as £30 or £40 a year for each computer your company uses.
Beyond that cost, it’s just about being smart and vigilant. Create complex passwords that you change regularly. Only click on links or open attachments from trusted sources – and if you’re unsure of an email’s authenticity, carefully check the sender’s address (a neat trick is to hover the cursor over the address – if it’s been faked, this will reveal the real address).
You should also think about using a penetration testing service. Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Penetration testing can be automated with software applications or performed manually.
And one of the best tips of all is also the easiest: be wary of what you put online. In the same way you shred physical envelopes to remove traces of your postal address, you should conduct an ‘online shred’. Check your website, social channels and blog posts to ensure you only leave essential details, and remove any mention of personal email addresses.