SHOULD MICRO BUSINESSES WORRY ABOUT CYBER SECURITY?
There are over 5.7 million businesses in the UK, according to a survey by Merchant Savvy. 96% are micro businesses, with 0 to 9 employees. The Covid situation has amplified the unique challenges and risks faced by micro business owners. A government publication defines cyber security as the activities carried out to protect your computer-based equipment and information from unintended or unauthorised access, change, theft or destruction, and it is forever a challenge. Good cyber security can enhance the reputation of your business and open up new commercial opportunities. Even when working from home, one faces cyber security issues, as staff use company laptops and phones or even their own. In the case of the one-man band, the business owner's use of systems, devices and data unfortunately opens doors to serious cyber threats if some rules and habits are not followed.
TYPES OF CYBER THREATS
Cyber crime is a world of its own and is thriving: there are many ways the cyber criminal can gain unauthorised access to systems, networks, devices etc. Those operations are ingenious and ruthless and, as a business owner, it pays to know about the most common cyber threats.
Criminals can access computers or systems without users' knowledge. They can harvest customers' card details, disrupt normal traffic to a website or redirect surfers to malicious websites. Malware (a term describing any file or program that is intended to harm or disrupt a computer) is common and is usually propagated through "phishing attacks" i.e. emails and messages used to trick people into divulging sensitive or confidential information. Phishing attacks exploiting the coronavirus outbreak have indeed seen a huge increase since January 2020. Some examples of malware are: botnets, ransomware, trojans, spyware, viruses and worms. In a ransomware attack, the cyber criminal inserts malware that encrypts victims' information and demands payment in return for the decryption key. Botnet software is designed to infect large numbers of Internet-connected devices. Servers can be attacked too, to provide access to or to modify data. The list goes on.
HOW TO COUNTER ANY CYBER ATTACK
The micro business owner has more to lose if he or she disregards those threats and doesn't have an action plan. According to a government publication about cyber security for small businesses, in 2014, 60% of small businesses experienced a cyber breach. The average cost of the worst breach was between £65K and £115K. You are never too small for cyber crime, nor is cyber security too expensive an option to contemplate.
The best way to counteract any potential cyber threat is to start cultivating some useful habits when using computers, laptops, tablets, and smartphones. The key phrase to think of when one thinks of cyber security is: risk management. This is made up of three main steps: planning, implementing and reviewing.
RISK MANAGEMENT
Risk awareness and planning is the first vital step towards a safer work environment. Identify the financial and information assets that are critical to your business, as well as the IT services you rely on e.g. the ability to take payments via your website. Assess all the IT equipment within the business and start thinking of recovery procedures. Document all legal and compliance requirements your business is subject to e.g. personal data protection legislation and Payment Card Industry compliance. Awareness training for staff and the potential need for cyber insurance are also to be considered.
Once everything has been identified and classified accordingly, the next step is implementation. Ensuring network security, secure configuration, an inventory of all IT equipment and software are basic steps towards cyber security. The management of user privileges, constant monitoring and data encryption are other examples.
Reviewing all the practices is quite straightforward and direct e.g. removing any software or equipment that you no longer need or addressing any gaps in your security that have been identified following any security incident. Any cyber crime should be reported to the police via the Action Fraud website.
MORE TIPS
Here, at Associate Planet, we advocate caution and thinking outside the box. Instead of passwords for example, think passphrases i.e. two or three words together. Getting a password manager is also a great move e.g. LastPass, enhanced with two-factor authentication like Yubikey. Sensitive information should be encrypted, especially on "The Cloud". Other recommendations are:
* Treat wifi/wireless as inherently insecure
* Back up data regularly and back up the backup
* Have a business continuity/crisis management plan ready and continuously updated
* Keep the antivirus and anti-malware up-to-date
* If you are a business owner and you have staff using their own devices while working from home, have a cyber security policy to ensure they follow the right guidelines
* Use a VPN (virtual private network) to provide staff with secure remote access to corporate systems
* Install firewalls and gateways
CYBER SECURITY GUARANTEE
The micro business owner needs to offer his/her clients and staff the guarantee of security in the business's cyber operations and presence. Trustworthy industry certifications can vouch that the business is cyber secure. We recommend that you aim for at least Cyber Essentials, Cyber Essentials Plus or the ISO27001 Information Security Standard. The Cyber Essentials badge will demonstrate that your business takes cyber security seriously and that confidential information on your systems will be secure.
THE WAY FORWARD
It's a great feeling to work in a cyber secure environment. We hope that we can be there to help you carry out the right risk assessment and manage risks at an optimum level to protect your business, its info, cash flow, customers and reputation.
We won't drown you in technobabble. We want you to weigh the pros and cons, to be aware of the landscape and to act accordingly.
Please do not hesitate to contact Richard for a no obligation discussion and let's work towards a solution.
Richard M.Inst.D