Essential Advice for Small Business Cyber Security
Innovate UK is part of UK Research and Innovation, a non-departmental public body funded by a grant-in-aid from the UK government.
You’ve probably heard about the high-profile cyber security attacks in the news. The truth is, cyber threats are not a problem only for huge establishments like the NHS. SMEs are some of the most common targets of cyber attacks. It’s estimated that cyber crime costs UK businesses around £30 billion every year. For many, cyber crime can lead to severe disruption and even potential closure. Here is some essential advice for small business cyber security.
#1 – Identify All Threats
“Cyber Risk Reviews must consider IT in your facilities such as AirCon, Lifts, Doors, Alarms & CCTV, not just networks” – Cevn Vibert, Industrial Cyber Security Advisory Director at Vibert Solutions.
Before you get started, you need to know how secure your business currently is. This involves a kind of cyber security health check for your business. Many third-party security businesses can carry out cyber audits for your company. An audit involves checking the entirety of your company and highlighting where your potential vulnerabilities lie, both internal and external.
It’s worth remembering that cyber threats can lie in unlikely places. For instance, if an employee were to use an infected personal device while at work, this could make your entire network vulnerable.
Consider areas like data backups, regularly used devices, malware and virus protection, phishing attacks and employee privileges.
#2 – Make Cyber Security a Business Priority
“Don’t wait for an incident to occur, act now to protect the network and assets within it. Failure to do so can have significant impacts financially and impact the reputation of an organisation to a degree which they may not recover from” – Dan Driver, Head of Perception at Chemring Technology Solutions.
Once you’ve identified the potential threats to your business, it’s important to outline how you plan to deal with them. This needs to be communicated effectively to your whole team, as well as any contractors and suppliers involved in your business.
All data, including that shared with third parties, must be protected from unauthorised access, modification or deletion. All suppliers and contractors play a pivotal role in the protection of your business; they must comply with your security policy and should not introduce any unmanaged vulnerabilities which could negatively affect your network.
Communication with your employees is key. Highlight the threats you’ve identified to them and explain how important they are to the successful implementation of your cyber security policy. Show workers how to mitigate risks and provide them with the support and training necessary to instil a security-conscious business culture.
#3 – Leverage Existing Schemes
“The most important stuff isn’t complex. Getting the basics right with Cyber Essentials can greatly reduce the threats” – Richard Bach, Co-Founder & Director at XQ Cyber.
You don’t have to do this alone; there is a lot of reliable help and guidance online that can get you started. The 5 controls from the Cyber Essentials scheme are a good place to start. These recommended steps can help prevent up to 80% of all cyber attacks. This scheme is specifically designed for protecting small businesses and even comes with a helpful guide.
#4 – Assume You’ll Be Hacked
“Prepare and test a plan to identify, communicate and recover to ensure you can rapidly resume business with limited impact” – Sam Smith, Head of Digital Risk and Security at Cadent Gas Ltd.
All businesses are potential victims of a cyber attack. Given this, it’s important to take a proactive rather than a reactive approach to cyber security. If you assume the worst-case scenario, you’ll be able to craft a plan to put into action should an incident arise. Consider how your business will react to a period of downtime: how will you maintain business-critical systems? Will customer data be protected?

This is a really valuable post. I really agree with the statement of ‘assume you will be hacked’.
Almost 50% of UK businesses have been affected by a cyber attack and too many small businesses just assume that they will be ignored or forgotten about because they don’t have a large income. Planning ahead is definitely the correct mantra to have, whether it’s educating staff within your business on the risks they are potentially facing or, more importantly, actually making sure that your network is properly secure.
Not all attacks can be completely avoided but you can certainly take action to make things more difficult for cyber criminals.
I wrote a blog with some more information on this myself; https://www.thecyberbee.com/identify-and-prevent-cyber-security-attacks/
A really good article, as I said; cyber security should indeed be a MASSIVE priority for every single modern-day business.