As cyber threats intensify, small businesses must make sure that careless mistakes aren’t leaving them vulnerable. Tayo Dada, the founder of cyber security firm Uncloak, looks at how SMEs can protect themselves.
Cyber crime is on the up. A survey by analyst Ovum found that 60% of companies saw an increase in cyber attacks in the past year. Meanwhile, Uncloak’s own research suggests that the number of cyber attacks in 2017 was up an incredible 400% year on year.
The costs of cyber crime are high, both financially and in terms of the devastating reputational damage done to businesses that fall victim – yet 96% of businesses in Europe feel they cannot justify the cost of a cyber security expert. The reality is that the threat affects businesses of all sizes, yet cyber security is a poorly understood area for many businesses, and most simply wait to shut the stable door after the horse has bolted.
Of course, cyber security is a complex and ever-changing landscape, but there are simple things we could all do to reduce risks. Take a look at these common mistakes, and you might spot some straightforward things you can do to reduce your chance of being hit by a hacker – because prevention is always better than a cure:
Don’t think that it won’t happen to you
Despite the growing threat, many SMEs still believe they won’t be affected, or that they’re too small to be a target. But whatever your size or industry, your business has data that is valuable. And an attack can be fatal to a small, unprepared business.
Don’t be blasé with the basics
It’s an admin thing: The basics include implementing solid password policies, making sure ex-employees don’t continue to have access to your systems when they leave, properly disposing of old computers, protecting generic accounts and securing wireless access points.
Don’t ignore your systems and software updates
These alerts always seem to pop up just when you’re on a deadline, and the temptation is to ignore them repeatedly. But doing so can leave you more vulnerable to an attack. Trusted software updates, whether to your operating system, website or anti-virus software, often include vital security upgrades that will defend against new and evolving cyber threats. Outdated products just can’t protect against the latest risks.
Consider calling a professional
Investing in the latest anti-virus software is a good plan, but it’s not enough to fully protect your company and data. The complexity of cyber threats calls for expert knowledge. Having trusted security professionals who know how to mitigate problems as they arise, and can monitor your systems around the clock, is the key to thorough cyber security. If your business is small, having a cyber expert on a retainer could be a good way to ensure you’re keeping on the right side of any new threats to security.
Don’t forget to engage your staff
You might have Pentagon-level security plans in place, yet an unthinking action by an employee can bring your defences down in no time. The majority of data breaches are a result of human error. Common mistakes include emailing an attachment that contains sensitive data to the wrong person, accidentally downloading malware from a suspicious link, widespread use of poor password practice, or naively leaking data. Providing regular training for employees on how to use security software and passwords, handle sensitive customer information and recognise scam emails is critical to avoiding these pitfalls.
Don’t put a non-technical person in charge of security
It is a fundamental error to assume that seniority equals expertise when it comes to cyber security. If you put somebody with no technical expertise in charge of keeping your systems safe, you are trusting your data to someone who lacks a thorough understanding of the nature of the risks, and how technology and processes offer protection. It’s crucial to put someone with experience of the specifics in charge.
On the other hand, don’t delegate and forget about it
That said, it’s a mistake to hand security over to an IT person and then wash your hands of it. To be effective, security requires engagement from the whole organisation, starting at the top. Senior management can be prime targets for cyber attacks, and the buck also stops with directors, who are ultimately responsible for protecting company and client data, and can be held personally liable in the event of a breach.
Don’t neglect the ‘What if…?’
You may not think it will happen, but if it does you need to be quick off the mark and well organised when identifying and responding to an attack. The speed and quality of your response will have a huge influence over the amount of damage – physical, financial and reputational – that results. Put an emergency plan in place, so that in the event of a breach you know who’s responsible for making relevant decisions, and how to handle the legal and PR aspects of the situation.
Tayo Dada is a former ethical hacker and the founder of Uncloak.io, the world’s first blockchain-powered cyber security solution.