How to fight cyber-crime in your small business

There are five key areas for owners of small businesses to focus on when fending off digital attacks.

Cyber-attackers have small businesses in their sights. The Federation of Small Businesses says its members are the target of seven million cyber-attacks every year. The average cost of an incident for a small business is £8,460, but many prove even more expensive to fix and recover from. In the most extreme cases, the disruption and expense of a serious attack can pose an existential threat to small businesses.

However, for many smaller firms, the misconception persists that they are less likely to be targeted than larger companies. While 93% of large companies say cybersecurity is a high priority, the figure drops below 70% for the smallest businesses. In part, that may be because firms feel they lack the technical expertise to confront cyber-crime. But even taking some simple steps will provide a great deal of protection. The National Cyber Security Centre (NCSC) suggests focusing on five key areas.

A copy of your company

First, says the NCSC, make sure your business makes regular back-ups of all its key data. Build this into your daily operations. Crucially, you need to make these back-ups to a computer or system that is not connected to your ordinary system, or accessible by staff.

The aim is to create a copy of your key data that you can access in an emergency, but which an attack won’t reach. That way, if your systems do suffer a breach – or if you suffer a disaster such as flooding or a fire – your business will still be able to function. You’ll also be less vulnerable to ransomware attacks that freeze your data until you pay a fee to the attacker for release. 

Step two is to put protections in place against malware, the malicious software programmes through which attackers aim to harm organisations. Basic cyber-hygiene is really important here: install anti-virus software and make sure it is operating, switch on your firewall, and keep your IT equipment up to date. Follow software providers’ instructions on updates and modifications.

Part of the challenge here is to make staff part of the defence. Through regular training and communication, you can help employees understand what is risky behaviour, such as opening attachments that could pose a threat. Have rules about how they use their own computers to access work systems. 

The next step, suggests the NCSC, should be to think about smartphones and other digital devices, particularly as more businesses depend on these technologies. Make sure all devices are password-protected, limiting the damage if they fall into the wrong hands, and turn on apps that allow for the tracking or wiping of lost or stolen devices. Keep both the device itself, and all apps, updated. And consider instructing staff not to connect to unknown Wi-Fi hotspots, particularly in public places, with any device used for work.

Good use of passwords more broadly is another key step in protecting your business from cyber-criminals. The aim here is to strengthen your defences without making access to devices and networks so cumbersome that people don’t bother following the rules and leave themselves open to attack. Use more demanding techniques, such as two-factor authentication, for the most important points of access. Help your staff to cope with password overloads – good quality password managers, for example, can be very useful.

Finally, the NCSC suggests thinking particularly carefully about phishing attacks, one of the most common types of cyber-breach. Here, there are tools that can help you configure your accounts to repel attacks and spot breaches. But again, employees’ awareness is a crucial weapon. Make sure staff know how to ask for help if they’re unsure. Be sympathetic if they do make a mistake; this will encourage people to report potential problems quickly.

Recommended

Employers: don't rush your staff back into the office
Small business

Employers: don't rush your staff back into the office

Employers should think carefully before summoning staff back to the office, says David Prosser.
28 Jan 2022
How to help your business cope with rising energy costs
Small business

How to help your business cope with rising energy costs

With rising energy costs putting cost pressures on the country's businesses, the best way to keep the lights on is to make sure you’re turning them of…
18 Jan 2022
How to free up extra Christmas cash for your business
Small business

How to free up extra Christmas cash for your business

Too few small businesses keep unnecessary costs to an absolute minimum. Here are six ideas that might pay for a Christmas bonus.
14 Dec 2021
How your business can win the race to recruit new staff
Small business

How your business can win the race to recruit new staff

Smaller companies can’t offer huge cash incentives for new staff, but they can still compete effectively for labour. David Prosser explains how.
1 Dec 2021

Most Popular

Amazon halts plans to ban UK Visa credit card payments
Personal finance

Amazon halts plans to ban UK Visa credit card payments

Amazon has said that it is to shelve its proposed ban on UK customers making payments with Visa credit cards.
17 Jan 2022
Shareholder capitalism: why we must return power to listed companies’ ultimate owners
Investment strategy

Shareholder capitalism: why we must return power to listed companies’ ultimate owners

Under our system of shareholder capitalism it's not fund managers, it‘s the individual investors – the company's ultimate owners – who should be telli…
24 Jan 2022
Temple Bar’s Ian Lance and Nick Purves: the essence of value investing
Investment strategy

Temple Bar’s Ian Lance and Nick Purves: the essence of value investing

Ian Lance and Nick Purves of the Temple Bar investment trust explain the essence of “value investing” – buying something for less than its intrinsic v…
14 Jan 2022