If you are a small to medium business, there’s around a 1 in 2 chance you will experience a cybersecurity breach at some point. But that doesn’t mean you can’t take measures to reduce that chance with proper security enhancements and education.
Most companies now use the internet to do business. With it come huge opportunities and benefits, but also many risks.
Demonstrating responsible cybersecurity is essential to a good commercial reputation. Customers expect their suppliers to be safe. By practising safe behaviours on a daily basis and communicating these to your employees, you will dramatically raise your cyber awareness.
The most likely reason for an attack is intelligence gathering, so security, passwords, and your staff’s data handling are of the utmost importance. In 2014, 60% of small businesses experienced a cyber breach of some kind. And astonishingly, around 80% of cyber attacks could have been prevented by implementing very basic measures.
In this post, we talk about a variety of avenues you can take to protect your business from malicious hackers and cyber threats.
Effective training and IT governance will be one of your most vital cybersecurity actions.
Broadening awareness will reduce your risk exposure dramatically as staff become more knowledgeable about what should be considered suspicious.
E-learning is available for a range of cybersecurity topics such as information security, phishing and ransomware. In addition, it can be used to help employees understand other security regulations such as ISO 27001 and the General Data Protection Regulation (GDPR).
When staff are aware of the format of phishing emails, for example, they can take steps to report obvious signs of phishing so that you can intervene before an attack takes place. Equally, when staff are trained on how to act responsibly when handling data and sensitive information, you can rest assured that internal threats are also reduced.
Often, threats to data happen accidentally through internal errors, which, again, heightens the importance of education and awareness.
A Virtual Private Network (VPN)
A virtual private network, or VPN, is an encrypted connection over the internet from a device to a network. It encrypts all data leaving and entering your devices, so in the event of a malicious or unauthorised third party intercepting your data, all they will have is encrypted information.
VPNs can be used to protect internet activity when using public WiFi, which is incredibly important in today’s flexible working culture. With employees regularly working away from the office, a VPN protects you even when information is being accessed from other locations.
Your software and apps should always be up to date. Most cyber attacks exploit basic vulnerabilities in IT systems and software, which usually become worse when software is out of date. Ensuring staff continually update their software is a basic requirement for better cybersecurity.
Avoid using predictable passwords such as your date of birth, the name of your company, or your city.
Do you have procedures in place to ensure your team members use strong passwords? Or do people have the autonomy to choose whichever they wish? If that is the case, it’s likely people are using the same passwords for multiple accounts, which leaves you extremely vulnerable.
Additionally, staff should always choose the most secure settings. This one may sound simple, but not many people realise that most software and devices are set to default configurations by manufacturers, which makes them easily connectable and usable. This easy access provides cyber attackers with the perfect opportunity to gain unauthorised access to your information.
Use a firewall
Internet connections should always be protected by a firewall. A firewall protects your internet connection only within the business environment.
Vulnerabilities are inherent in business connections, and a firewall is essentially a system that protects your network from unauthorised access. A firewall analyses incoming traffic to decide whether or not it should be allowed into your network.
- When using devices outside of the office, don’t send sensitive data over public WiFi hotspots; always use your 3G or 4G connection, or a VPN.
- Configure devices so that if they are lost or stolen, they can be remotely wiped or remotely locked.
- Consider backing up your data to the cloud. Cloud storage is inherently secure and a cost-effective means of secondary backup in the case of theft, loss, or attack.
If cybersecurity is something you feel you need assistance with, many fellow Chamber members have the facilities and expertise to support you. If you would like us to facilitate a connection, please get in touch.