These 6 rarely done tricks will make you more cyber resilient
The rise of digital technology has opened up new opportunities for success to the small business community. But embracing this future means exposing yourself to risk, specifically in the form of cyber crime. From individual hackers or organised groups stealing business data to foreign governments seizing intellectual property, the downside of digital technology and the costs involved, are obvious.
In a 2016 Federation of Small Business (FSB) survey, 66% of small business owners said that they had been a victim of cyber crime. Over the 2-year period studied, the average cost of these crimes was £3000, with the total annual cost to businesses standing at approximately £5.26bn (2014/2015).
In the current digital climate, small businesses using new technology should be well aware of the risks to their company and data. Many are putting the standard security measures in place to ensure they are better protected. But are they missing some key ways to become more cyber resilient?
By now, you’ve probably heard of using security software, backing up data, and regularly updating IT systems to keep your small business protected. But what are some of the other lesser known, and rarely implemented, ways for you to stay safe online?
Here are 6 actions you can take to improve your cyber resilience that you’re probably not already doing…
1. Have an actual, written down plan
It may seem simple enough, but it’s a step that many businesses fail to take. The most successful and cyber resilient companies are the ones that have a written plan which details the measures to take, and the people and organisations that need to be contacted if an attack occurs. Without a written plan, things can quickly go array or escalate. According to the FSB study, only 4% of small business owner respondents said they had completed this simple step.
It’s one action that frequently gets sidestepped, but if/when a breach happens it would become an invaluable source of information and one of the first things you would look at to help your situation. Take the time to sit down and come up with your own company plan of action. Write it down, share it around and store it so you’re ready if and when the worst happens.
2. Get advice or take a course
With the threat of cyber attacks constantly growing, the number of advisory bodies, training and educational courses being set up to help small businesses is constantly improving. Yet despite all the different schemes out there, only 5% of SME owners surveyed by FSB said they had sourced advice on cyber security, and only 2% had obtained a recognised security training certificate.
The UK government has several different schemes for businesses who want to be more cyber resilient. Cyber Aware is a campaign which aims to drive change amongst small businesses so that they adopt simple secure online behaviours to help protect themselves from cyber criminals. Plus there is a Cyber Essentials training scheme for individuals or business owners who want to understand the issues around cyber security more clearly and take extra steps to keep themselves safe from attack.
There’s also Get Safe Online, which is a resource providing practical advice on how to protect yourself, your computers and mobiles device, and your business against fraud, identity theft, viruses and many other problems encountered online. Finally, Action Fraud is the UK’s national reporting centre for fraud and cyber crime where you should report fraud if you have been scammed, defrauded or experienced a digital attack. As a business, if you are suffering an attack you can call 0333 123 2040 straight away to get help and advice.
3. Really get on top of encryption
You've probably heard of encryption and how using it can help you and your data stay safe, yet many businesses seem to shy away from it for fear it will make things too difficult. In the FSB’s study, only 7% of small businesses said that they encrypt stored data. Similarly, only 5% noted that they encrypted their communications.
What you need to encrypt will entirely depend on your unique business and the data that you handle and store. Encrypting data stored in the cloud and email is likely going to be the most important place for most businesses to start, and with the right solution, encryption should not cause issues to your daily work life. You should also check your network and operating system encryption services. Many will already have high protection in place (like Windows BitLocker and Mac’s File Vault), but it’s worth noting what you have already in place and whether you’ll need more security.
4. Undertake regular testing
Many small businesses now have security methods and systems in place to protect against attack, but it seems that very few are actually checking that they work on a regular basis. In FSB’s survey, just 11% of respondents said that they performed regular security risk assessments, and only 9% said they undertake regular security testing.
With digital threats constantly changing, and new malware, ransomware and virus strains increasing, it’s important for businesses to continually assess their security policies and strategies, and to test them to ensure they are constantly getting the best level of protection. Out of date security is very unlikely to protect you against a present-day cyber attack. Hackers can quickly modify their work to find loopholes in old security software and systems. Your best method of defence is to have a constantly updated security policy that you know will work in case you’re breached. Test your security at regular intervals, and make changes swiftly and as necessary.
5. Check all providers and contracts
Cloud and online services are now a major player in small businesses, and they can be key to a company’s overall success. But how many SMEs check the small print when signing up for these services? Very few, according to the FSB report. A measly 11% said they checked provider credentials and contracts when using the cloud or other online services.
It’s important to know that not all cloud and online service providers are created equally. Some will offer you high-security protection as standard, whereas others may not, leaving you open to potential attack or loss of data. Whenever you sign up to new services, it’s key to read the terms and conditions of your contract and work out what security your data has, who’s responsible for its safety, and whether the company will take an active role in keeping you safe or will leave you to your own devices.
6. Take out cyber insurance
Cyber insurance obviously won’t protect you from attack, but it can help you recover if you become a victim. With two-thirds of small businesses succumbing to a cyber attack, it seems like a wise move to try and mitigate the costs of an attack by ensuring the company against it. However, only 6% of those surveyed by FSB had actually taken out a policy.
Cyber insurance policies can help to offset the costs involved in recovering after a cyber security attack or data breach. Generally, they cover expenses related to the first party and claims made by third parties, but each policy is different and needs to be checked over thoroughly before committing.
Whether you need cyber insurance will depend on your business, but the general rule is if you store or maintain customer information, use online payment or the cloud, you should consider adding it to your budget. Having cyber insurance could help you save money in the long run and ensure that you are back up on your business feet more quickly and efficiently.
Looking to improve your cyber resilience and want to speak to an expert about it? We’d love to discuss how we can help! Contact us now to find out more.