How vulnerable is your business to cyber-crime?
Hi all,
Just a few thoughts on cyber-security in light of recent events. I’ve just read on BBC News that the government’s National Cyber Security Centre (NCSC to me and you) has warned UK companies to be extra-vigilant about cyber-crime. This is in response to some shenanigans in Ukraine that are being blamed on the Russian government.
You’re probably thinking “cheers Phill, but why the hell would international spies target my window repair business?” Which is a fair question. Chances are they wouldn’t! But really, the NCSC’s point is about cyber-crime in general – and that actually does affect you.
Not to give the b****rds too much credit, but cyber-criminals have got better at what they do. One of the things they’ve learned is to target smaller businesses – less cash, but also less protection and publicity. I’ve been at this a long time, and I’ve seen livelihoods wrecked by this stuff.
It’s getting worse too. It went up during the pandemic (so much for community spirit!) because more businesses were running online. So anyway, I thought I’d go through a quick (by my standards) list of possible weak points. If you run a business, this is relevant to you. I hope it helps. Biscuit IT, my company, can help with all this and we’re happy to give you an audit.
Not knowing the threats
Seems obvious, but you’ve got to know how criminals are operating. Forget that image of a lone wolf hacking into some huge multinational. These days, it’s mostly done in organised groups. And like I said, they just love to have a go at small businesses because it’s easier for them. So rule 1 is be aware of that and don’t make it easy for them.
Password management
First off, don’t have rubbish passwords (“password1”, for example, is rubbish). The more variation, the more special characters, the harder it is to hack. Second, update your passwords regularly! I can’t repeat this enough. “Fhjfknsdkj3898DFD” is better than “password1”, but it’s pretty useless if you’ve kept it for two-and-a-half years and half the people who know it have left. Make sure you’ve got proper password management.
Lack of training
You’ve got the best anti-virus and anti-spam software, and a firewall that puts MI6 to shame. But hardware and software aren’t the only things to be worried about. If you don’t train your staff up on how to use it all safely, you could easily get yourself in trouble. We’re all human, and we all make mistakes – but people with proper training don’t make as many mistakes!
领英推荐
Phishing
I think most people know this term now, but it’s basically when wrong’uns try to trick you, normally by email. They might want you to give away bank details, or install something nasty that gives them access to your systems. What you need to know is that these people get more sophisticated by the day, and training alone isn’t always enough. It’s a very, very good idea to have some serious anti-spam software to scan your inbox and stop malware getting in.?
Personal devices
It’s not just your company hardware you need to think about. If anyone’s doing business on their personal phone, tablet or laptop (and it could just be checking work emails), that’s a potential ‘way in’ for the enterprising cyber-criminal. So make sure you cough up to get those devices in order. (By the way, this also counts for mobiles. Criminals can do a lot of damage if they access your phone, but we can do a lot to keep them away!).
It’s not just your staff either. If you have visitors into your place of work, you have no way of knowing if their devices are secure, so creating a guest network for them to connect to protects your business networks.
Firewalls
I’ve lost count of the number of business owners I’ve met that don’t have a firewall. They might have the best anti-virus and anti-spam software, but no firewall. This is, with all due respect, a little daft. It’s like locking all your windows but leaving your front door key under the mat. Your network is a way in to every other bit of your business, and a firewall protects it.
What next?
Cyber-crime is a nasty business, and it can do a lot of harm. It can wipe you out financially, but even if you get it all back there’s still your reputation to consider. I run a business too, and I’m well aware of how much the trust of our customers matters.
My suggestion is that you have a good look through what you’re doing security-wise and ask whether you could do more. And if you’re not an expert, that’s fine. Our company can look after all this and more, and we do it proactively – we monitor your systems 24/7 to keep threats at bay.
We can also give you a cyber-security audit if you’re not sure where you stand. Whatever it is, get in touch and see how we can help.
Take care,
Phill
Peer groups for ambitious business owners to drive each other for success | SME Business coach & advisor | Business planning & strategy
2 年Thanks for these remainders Phill Burke . Greatest weakness for businesses is the human. All to easy to click on a link when we are busy or rushing around and check our mobile. Great infrastructure and supporting processes get us a fair way to security but each business needs a security mindset, replicated in each employee.