No business is too small to be at risk of a cybersecurity attack, it happens to small businesses all the time. According to the UK government’s Cyber Security Breaches Survey 2019, “31% of micro and small businesses identified breaches or attacks.”
The most common threats include scammers impersonating a business, phishing emails and malware. The survey further says that £3,650 is the average annual cost for those that lost data or assets after breaches.
Among the respondents half of those who had experienced an attack said it took a day or longer for the business to recover. What isn’t quantified however is the impact of a breach on small business customers.
- As well as the physical impact, cybersecurity breaches can also cause reputational damage. With a lack of faith in the security of the affected business, many customers are more inclined to take their business elsewhere resulting in lost sales and declining profits.
- There are also legal consequences to deal with in the aftermath. Failure to manage a customer’s personal information within the context of GDPR can result in regulatory sanctions. This is regardless of whether the negligence originates from the management or employees of a business.
All businesses hold sensitive data that can easily be put at risk if steps aren’t taken to protect it. This sensitive information can relate to your staff and their partners or next of kin, shareholders, business partners and clients, customers and other members of the public.
So how do you protect it?
Cybersecurity is a moving target. Criminals develop new types of malware and attack methods each day. But that said there are several fundamental steps that will ensure good cybersecurity where ever the sands of cybercrime shift.
- Create a policy
Small businesses typically operate by word of mouth, experience based on existing processes and intuition. Cybersecurity, however, is one area where it’s good to establish protocols. This doesn’t have to be complex, it can be as simple as verifying bank transactions with a verbal confirmation, not opening emails that are unexpected and practising good password security.
It’s essential that owners of small businesses are often up-to-speed with good cybersecurity practise. This doesn’t need to be an onerous task, grasping basic principles can be enough, such as backing up data and using encryption. However, it’s also important employees are familiar with these principles and even more importantly they understand why good practise is necessary.
- Regularly back up data
Backing up word processing documents, spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files is important. A ransomware attack can cripple a business by locking access to company documents. It’s common to back up data to the cloud but even this data should be backed up. Documents and files can be backed up to external storage devices at the end of every day. To be doubly sure external storage should be disconnected from computers once the back-up is complete because some malware is designed to infiltrate back up devices. Backing up data is a simple practice, only takes a few minutes and will quickly become a habit.
- Enforce good password practice
Employees find changing passwords to be a pain but it’s an essential safety practice. Many data losses are the result of lost, stolen or weak passwords. Passwords should consist of upper and lowercase letters, numbers and symbols and ideally should be changed every 60 to 90 days. This may seem onerous but a password manager will help generate strong new passwords when they are required, making the process simple and painless.
- Install anti-malware software
Anti-malware protection is the most basic and most important tool small businesses need to use. Without it, infections are guaranteed and depending on the type of malware the consequences can be devastating. Employees can be trained in the art of phishing mail detection but some mails are extremely sophisticated and fool even the most astute. Since phishing attacks involve installing malware on an employee’s computer when a link is clicked, anti-malware protection on all devices is essential. Employees can also have their devices infected by visiting suspicious websites, clicking on infected pop-ups, downloading an infected browser add-on and so many other ways.
Small office device protection made easy
For many small offices, protecting employees’ devices is not as simple as it seems. They either have to install antivirus on each computer and manage each device individually or use a small office product that has been scaled down from an enterprise solution. Both options are complex, time-consuming and often frustrating to use.
BullGuard Small Office Security provides the answer. Designed exclusively with the needs of small offices in mind it provides award-winning protection for all the computers a business may use whether fixed workstations or mobile smartphones. And all devices are managed centrally via a cloud portal.
If for instance, an update is required it can be sent out simultaneously to all computers. If a device is infected it is immediately quarantined before other computers and the network is also infected. If a device is lost or stolen it can be locked down immediately safeguarding sensitive data.
A lot more tasks, relevant to small businesses, can also be simply carried out from its centralised portal. It makes endpoint protection easy, quick and watertight. Discover more here.