When you think about data breaches or cyber attacks, you might naturally drift towards the big scandals affecting some of the biggest enterprises in the world. What you hear about less often is cyber security issues affecting smaller businesses.
But make no mistake – just because they don’t make front-page news doesn’t mean they aren’t happening. In fact, SMEs in the UK are subject to almost 10,000 cyber attacks per day with 1 in 5 small firms saying they’d experienced an attack in the last three years. Today, it’s more important than ever that SMEs are giving cyber security the attention it deserves.
SMEs make good targets for cyber attack
Big companies are where the money is. However, they’re also likely to have the most secure (and expensive) cyber security measures in place to prevent attacks. This is what makes SMEs more appealing targets to criminals – in many ways, they’re weaker prey.
SMEs often collect the same information larger enterprises do just on a smaller scale. Customer data, personal information – all of this is valuable to a hacker, no matter where it comes from. An SME who does business with larger companies might also be the weakest link in that security chain and offer hackers a way in to access their data too.
Practical cyber security measures for SMEs
While SMEs might not have the security budget of larger enterprises, there are some basic security measures and precautions they can take that improve cyber security defences.
Get all system software up to date
Software is at its most secure when it’s up to date, so don’t put off installing any updates from the provider on your laptops, desktops and operating systems. This goes for networking devices such as routers, firewalls and drivers for things like printers too. These less obvious devices can also be a way in for hackers wanting to exploit your systems.
Tip: While patches are meant to fix vulnerabilities, it’s also worth remembering that they can introduce new problems too. Consider updating outside of typical business hours in case there is an issue and always be sure to have your IT team on standby.
Regularly back up critical data
There are a frightening number of ways that data could be lost – cyber attack, fire, physical damage or even simple user error. Losing this could mean the business can’t function.
Tip: Back up often and make your business-critical data a priority. Keep multiple backups separate from your computer – preferably off-site or on the cloud, or both.
Be mindful of inside threats
An SME’s employees can be a risk to cyber security – accidentally or intentionally. Inside threat covers everything from an employee making a simple mistake to a disgruntled ex-employee wreaking havoc on systems they should no longer have access to.
Tip: Many inside threats come from people still having access to systems once they’ve left the company. Review your policies regarding who has access to what and revoke employee access to your systems as soon as you suspect foul play.
Educate employees on threats to look out for
Employees are the last line of defence when it comes to cyber security threats such as email phishing scams. This is where criminals try to trick the user into doing the wrong thing, such as clicking a legitimate-looking link that takes them to a dodgy website or downloading a suspicious attachment that’s actually malware.
There’s also a growing trend of CEO scams where frauds impersonate company execs to trick unsuspecting employees into authorising decisions or releasing confidential information.
Tip: Raise awareness within the company as to what these scams look like – things like poor use of English, bad grammar and strange sender email addresses. Have a reporting procedure in place for what employees should do if they’ve been targetted.
Strong passwords are a must
A poor password compromises all of the data behind it. There’s little point investing in robust systems if your users are still using weak, easily guessable passwords to access them. A strong password should be at least 10 characters long, include a mix of uppercase and lowercase letters, symbols and numbers. Passwords should be different for every account.
Tip: Force users to change their passwords regularly (at least every 60 days) and stress the importance of a strong, unique password known to only the user. You could also consider using two-factor authentication or a password manager.
Robust cyber security is everyone’s business
Cyber security is not just about the technical solutions you employ. It’s also about your people – educating your users on what to look out for, what to report and what to avoid is half of the battle. And this doesn’t have to come at a high cost. Encourage a culture where cyber security is seen as everyone’s responsibility and secure working practices are a priority.
One way SMEs can do this is by producing user security policies showing what acceptable and secure use of systems looks like. These should be included in staff training at all levels in the business to create a culture where cyber security is a priority, not an afterthought.
About EC-MSP, your IT support partner
EC-MSP are one of the most trusted IT support providers in London. If you would like more help advice and support with technology for your business, contact us today to see how we can help.