Small business: How to stay safe from cybercrime

Man with a balaclava and a torch © Getty Images
SMEs are particularly vulnerable to possible security breaches

Ensuring your business is safe from cybercrime is increasingly important.

Small and medium-sized enterprises (SMEs) are tempting targets for cybercriminals. Their defences tend to be less sophisticated than their larger peers, but they still offer rich pickings, from valuable personal data to banking and payment systems.

New data from the government underlines the scale of the challenge now facing SMEs: 40% of small businesses and 60% of medium-sized firms have experienced some form of cybersecurity breach or attack in the past 12 months. While no organisation, large or small, can ever achieve complete security, doing the basics well is actually relatively cheap and very effective.

First, it’s worth checking how physically secure your office is, as you want to restrict access to anything that would contain sensitive details, or give an attacker the information they need to try to trick you into unwittingly sharing such information.

Next, turn to digital security. Check that all your computer equipment is password-protected and that all employees use strong passwords that they change regularly. Free password-management software can be useful here. The idea is that even if an attacker does get their hands on one of your machines, it should be difficult for them to break into it. Two-factor authentication systems add a layer of protection, requiring access to a second device, such as a mobile phone, to get into the system.

The weak link

Unfortunately, even if your digital security is strong, attackers may still be able to target the weak link in the chain at many organisations – people. Training your staff on good cyber-hygiene – and keeping them up to date – is crucial; not everyone in the business has to be a cybersecurity expert, but all staff should know not to click on suspicious links in email, for example, or not to respond to messages purporting to come from colleagues or senior staff without checking their authenticity.

One sensible precaution is to limit access to each part of your computer system to those staff who actually need it. The fewer people who are logging into each part of the infrastructure – and the slimmer you can keep those systems – the fewer points of vulnerability you’ll have.

With these basic measures in place, the final step is to consider investing in technological solutions to the cybersecurity problem. That doesn’t have to cost the earth: there is a wide range of free or low-cost software available, particularly in the anti-virus and firewall market, aimed at SMEs. Many organisations offering these packages will also give you free advice and support.