Physical crime is easy to spot. Broken windows, squealing alarms and snapped locks all stand out from the ‘norm’. Unfortunately, cybercrime is a different kettle of fish. It can be especially hard for a smaller business to spot.
Sometimes our defences are breached long before we realise. When we do find out, we’re faced with all the negative emotions a victim of a break-in can feel, plus the disruption, cost and embarrassment unique to cybercrime.
Fortunately, there are number of ways you can ensure your employees have the skills and tools needed to thwart cybercriminals. We recently joined forces with the FSB to share our thoughts on the subject. If you can’t spare 25 minutes to listen, we’ve summarised the key takeaways below and added a few ideas that we didn’t get time to share.
Key podcast moments
5 minutes: What are the threats and how do they affect small businesses?
9 minutes: What should small business owners do?
12 minutes: What are the risks and how can small businesses keep up?
15 minutes: What should a comprised business do?
20 minutes: What impact can cyberattacks have?
Shut the windows – free cyber security measures to protect your small business’s systems
Just because a measure is free, it doesn’t mean it’s not effective. Here are some of our favourite free ways to boost your cybersecurity:
- Install patches when they are released (and make sure you reboot each PC, laptop, smartphone and tablet afterwards)
- Use two-factor authentication (2FA) when available
- Don’t leave confidential information on desktops at the end of the day
- Set lockable screensavers
- Remind employees about your cyber security policy (and why it’s so important)
- Get clued up – speak to other business owners to see what they are doing or read newsletters from the National Cyber Security Centre or other reputable sources such as your Local Authority
- Join your local not-for-profit Cyber Resilience Centre (it’s free)
- Be careful about the info you put out on social media. Who can see it? How can criminals use it? Providing something as simple as an email address is a gift to a criminal.
- Remind homeworkers to move their laptops away from windows and doors at night
- Challenge preconceptions – hackers aren’t always men in hoodies and phishing attempts can be made via vishing (voice fraud) and smishing (SMS text fraud) as well as emails
- Avoid using free WiFi, instead tether and use your phone
Upgrade your locks – cost-effective ways to improve your security
Small investments in tools and training can prevent the disruption, embarrassment and costs caused by a successful attack. A phishing simulation is a powerful way to help employees realise how easy it is to click in haste and repent at leisure, yet will cost you less than a cup of coffee per user!
You can start by…
- Training staff to avoid phishing emails and associated ransomware attacks (use our free resource sheet for ideas)
- Encrypting laptops
- Using paid-for antivirus (it doesn’t have to be expensive)
- Asking your IT providers to suggest improvements
- Using phishing simulations to hone your employees’ spidey-senses (over half of small business cybercrimes are caused by employees clicking on phishing emails)
- Providing your team with clearer and more memorable IT policies
- Think about Cyber Essentials, this Government-backed certification provides protection against 80% of cyberattacks
Bouncing back – ways to minimise the impact of a successful attack
Sometimes, even our best efforts aren’t enough to keep our networks safe. Our MD, Helen, explains, “Cyber criminals only need to be lucky once to get into our systems. We need to be lucky 100% of the time to try to keep these guys out. It only takes one click on a dodgy link, and you could be facing a real-life cybersecurity exercise. That’s why we believe prevention is better than cure, and rehearsal is better than running around like a headless chicken.”
Steps that will help you react quickly and restore your normal service:
- Encourage employees to tell you if they make a mistake, such as clicking on a dodgy link (time is of the essence when it comes to putting matters right)
- Take regular back-ups and test them
- Make sure you know how to claim on your cyber insurance policy, if you have one (FSB members have £10k of cover and Cyber Essentials holders have £25k!)
- Use the NCSC’s Exercise in a Box to guide your rehearsals and practice who does what
Conclusion
Cybersecurity isn’t something you can do on a set day once a quarter or month. To be effective, it involves a change in mindset as well as habits. Our MD, Helen, explains, “As small business owners, we have to consistently apply every resource available. It’s easier to do this when we
View cybersecurity as a proactive way to help future proof our business, rather than an unavoidable burden.”
Training and tools together have the power to keep cyber criminals at bay. Don’t forget to also play your part by reporting cybercrime to Action Fraud and the Police.
Next steps for small businesses
Find out more about free and cost-effective training in our free resources PDF.
If you need any advice, please contact us. We’ll be delighted to help.