A Small Business Owner’s Guide to Cyber-Security

Cyber-crime is not just a problem for big corporations and governments; small businesses are targets too. In fact, industry research shows that 1 in 5 small businesses has suffered a cyber-attack in the last 12 months alone.

 It is important to protect your business, but the truth is that many small business owners are not quite sure how.

Here then is our guide to navigating the world of cyber-security for small business owners.

 What are the risks?

Cyberattacks put your money, your data, and your IT equipment at risk.

If a hacker gains access to your network, they could do a lot of damage with what they find, such as:

• Access to client lists & customer information
• Employee information
• Your company's banking details
• Your pricing
• Product designs, processes, and intellectual properties
• Your plans for the future

A cyberattack can drastically impact your business. In fact, statistics show that 60% of small businesses that fall victim to a cyber-attack shut down within six months of the breach. While that may be the most devastating result of the attack, there are other consequences that your business could experience, including:

• Financial losses from theft of banking information
• Financial losses from disruption of business
• High costs to rid your network of threats
• Damage to your reputation after telling customers their information was compromised

Worse, these attacks do not just put your company at risk, hackers may use their access to your network as a steppingstone into the networks of other companies, if you are a part of their supply chain, for example, and you may be held accountable for damages they suffer as a result.

What can you do to protect your business?

As a small business, you might feel helpless against cyberattacks, but fortunately, there are steps you can take to protect your company and demonstrate that you took sensible precautions.

Educate your employees

Employees can leave your business vulnerable to an attack. Research shows that 43 percent of data loss stems from internal employees who either maliciously or carelessly give cybercriminals access to your networks.

There are many scenarios that could result in employee-initiated attacks. These can be an employee losing a work tablet, falling victim to a social engineering type attack, such as a phishing attack, or clicking a link in a malicious email or website which deploys viruses on the network.

To protect against threats from within, invest in cybersecurity training for your employees. Educating your staff on what to look for and best practices for IT use is the single best way to protect your business.

You should also introduce an “Acceptable Use” policy that instructs your employees on the do and don’ts of using company devices.

SPECIAL OFFER TO READERS: Let me know in the comments if you would like a template “Acceptable Use” policy that you can easily adapt to your business, and I will be happy to send you one!

Perform a risk assessment

By evaluating potential risks that might compromise the security of your company's networks, systems, and information and identifying and analysing possible threats you can formulate a plan to plug any gaps in security.

As part of your risk assessment efforts, examine where and how your data is stored and who has access to it. Identify who may want to access the data and how they may try to obtain it. Determine the risk levels of possible events and how breaches can potentially impact the company.

Once this analysis is complete and you have identified threats, you can use the information you have gained to develop or refine your security strategy.

Review and revise the security strategy at regular intervals and when you make any substantial changes to information storage and usage. This helps you provide more extensive protection for your data.

Deploy sensible cyber-security measures

No-one is asking you, as a small business, to invest multiple thousands of pounds in state-of-the-art technologies to protect against cyber-attacks. However, it is expected that all small businesses take “sensible and reasonable” precautions. It is in fact the law since GDPR came into effect that you do so.

But protection against malicious actors and legal reprisals should you fall victim are not the only benefits of doing so. Demonstrating that you take data protection seriously will win you the confidence of your customers and you may also see a reduction in your business insurance.

Here are some of the sensible and inexpensive measures you can take to protect your business…

• Antivirus – You need antivirus software that can protect your devices from viruses, spyware, ransomware, and phishing scams. Make sure the software not only offers protection, but also technology that helps you clean devices as needed and resets them to their pre-infected state.
• Web-Content Filtering – This software will prevent devices on your company network from accessing malicious websites where they might get infected. It is also useful for determining website types that you deem unsuitable for access, such as gambling sites, sites with violent or sexual content, gaming sites, and so on. If you wish to go further you can also restrict access to sites according to time of day, so for example you might decide that Facebook can only be accessed by your staff at dinnertime.
• Spam-Filtering – Utilising a good antispam software will help protect against phishing, whaling, and other email-based attacks by identifying most and quarantining them before your employees have a chance to interact at all. A side-benefit of this is that it will help keep the “rubbish” out of your inbox too.
• Firewall – At its most simple a firewall works alongside your Router and monitors data traffic in and out of your network, looking for anything that is out of the ordinary and blocking transmission of data to dodgy IPs. A good firewall needn’t cost the earth, with many inexpensive small business routers coming with perfectly good in-built firewalls.
• Cyber Essentials Accreditation – This is the UK Government-sponsored cyber-security standard that takes a practical approach to cyber-security compliance. To become accredited you will need an audit of your IT configurations and be required to enable basic security precautions, such as utilising strong passwords for user access, ensuring antivirus is installed on all devices, and so on. You may want to engage with an IT company to do this for you if you are not very “techy” yourself.
• Keep your applications updated – It is vital that the software that you use to keep your business running, the operating systems of your devices, and your security applications are kept up to date. Every new update addresses the latest viruses and new vulnerabilities that have been detected. As you grow and need to keep multiple applications updated on multiple devices this can become unwieldy and time-consuming, so at that point consider engaging with an IT support provider that can maintain your systems on your behalf.
• Back up regularly – Does your company back up its files? If a cyberattack happens, data could be compromised or deleted. If that was to happen, could your business still run? Given the amount of data you might store on laptops and cell phones, most businesses would not be able to function. Utilising backup services will protect you from cyber-attacks but also other forms of data loss, such as accidental, or malicious, deletion or lost or stolen devices. Even better, find a backup option that stores your data in “the cloud” to avoid site-level disasters such as fire, flood or burglary.

What to look for in a cyber-security provider

For many small businesses, cybersecurity is a bit out of their comfort zone, so if you need help with cybersecurity, it is understandable. Plus, you have a business to run, so why wouldn’t you outsource this to someone for whom this is their “bread and butter”?

Small business owners have always had long to-do lists, but nowadays, cyber-security has to be high on that list. Fortunately, the right cybersecurity company can help mitigate your risks while you concentrate on your business.

Here are some things to look for in a cyber-security provider;

• Comprehensive Service – Avoid having several different suppliers each looking after different aspects of your IT, this will only ever end-up with the right-hand blaming the left-hand for any problems that arise. Look for a single provider that can cover everything that you need – whether that be IT support, monitoring and maintenance, backup and disaster recovery services, cyber-security, compliance, cyber-awareness training, etc.
• Extra Support - Whether there is a threat detected or you are having trouble backing up your files, you want a company that is pro-active and responsive. Choose a company that helps you navigate threats, finds solutions, and takes the hassle out of cybersecurity.
• Growth Potential - Your business will likely grow, and you need a cybersecurity company that can grow with you. Focus on companies that offer a well-rounded suite of security choices rather than those that specialise in just one or two. That way they will be able to provide you the services that you need now and those you may need in the future.

Want more advice?

We hope you have found this article useful but if you would like more advice about cyber-security for your business get in touch…

• Visit https://www.supremesystems.co.uk/
• Call Supreme Systems on 0121 309 0126
• Email us at [email protected]
• Follow Supreme Systems at https://www.dhirubhai.net/company/supremesystems/

Supreme Systems also offer services specially tailored to small businesses. Our new “No Frills IT Support” package includes,

• Unlimited telephone & remote access IT support
• Hardware break/fix service
• Managed antivirus
• Spam filtering
• SaaS hosted backup
• Desktop/laptop hosted backup

Everything that a small business needs for just ￡25.00 per person month with no commitment or contract.

Get in touch and we will be happy to answer any questions you might have.

About the author...

Julian has over 20 years of experience as a technical salesperson for IT Managed Service Providers (MSPs) and likes nothing more than a cup of coffee and a chat about how to cure your IT headaches.