Back in March the Government urged businesses to do a cyber spring clean before the end of the tax year. It would mean everyone starting the new tax year with a clean bill of cyber health. The thing is, March is pretty busy for most businesses but it’s still well worth getting round to now.
Why it’s important to look after business cyber security
The 2019 Cyber Security Breaches Survey, published last month, showed that 32% of businesses identified a cyber security attack in the last 12 months. Fortunately this is actually down from 43% the previous year.
The drop is partly thanks to the introduction of tough new data laws under the Data Protection Act and the General Data Protection Regulations (GDPR). The new rules threaten businesses with strict action if they don’t do what they can to protect people’s data.
However, the businesses that do suffer attacks seem to be experiencing more of them. The typical median number of breaches has risen from 4 in 2018 to 6 in 2019. Ouch! Also, where a breach has resulted in a loss of data or assets, the average cost of a cyber-attack on a business has gone up by more than £1,000 since 2018 to £4,180.
The National Cyber Security Centre (NCSC) says that a small or medium-sized enterprise (SME) has around a 1 in 2 chance of experiencing a cyber security breach. For micro/ small businesses, that could result in costs of around £1,400. It’s not something anyone wants to see on the bank statement.
Giving cyber security a regular checkup
A great way to make sure your small business is up to scratch on its cyber security is to work towards the Cyber Essentials certification. You don’t have to be an IT expert to follow the scheme’s simple steps.
The NCSC has also produced a ‘Cyber Security: Small Business Guide’. It aims to explain how to improve your cyber security “quickly, easily and at low cost”, with five essential elements.
Back up your data
Identify what data you need to back up and keep the backup separate from your computer. Use cloud storage or another means, and make it part of your daily task list.
Protect your organisation from malware
Install antivirus software, prevent staff from downloading dodgy apps, and keep all your IT equipment up to date. Control how USB drives (and memory cards) can be used, and switch on your firewall
Keep your smartphones (and tablets) safe
Set up password protection, and enable devices to be tracked and wiped if they are lost or stolen. Keep your device and apps up to date, and avoid connecting to unknown Wi-Fi Hotspots.
Use passwords to protect your data
As well as password protection, use two factor authentication and avoid using predictable passwords. Help your staff cope with ‘password overload’ by suggesting password vaults. Always change passwords from the default password.
Avoiding phishing attacks
Configure accounts to reduce the impact of successful attacks, and think about how you operate. Check for the obvious signs of phishing, and make sure that all staff are trained to recognise the signs, too. Always report any attacks!
Don’t ignore cyber security until you suffer a breach or attack. It can cost you a great deal of time and money. It also has an impact on your reputation and the trust of your customers, so get cyber spring cleaning now!