Napoleon once dismissed the British as a nation of shopkeepers, but today, we could more accurately (and less patronisingly) be described as a nation of entrepreneurs.
There are an estimated 5.7 million small and medium-sized enterprises in the UK, including millions of micro-businesses employing fewer than ten people.
Collectively, these companies generated two trillion pounds of turnover. And every single one will have experienced an attempted cyber attack in the last twelve months.
The threat is real
Contrary to popular belief, cyber attacks don’t just include Distributed Denial of Service (DDoS) assaults on network servers, intended to take a business offline.
The catch-all term ‘cyber attack’ includes phishing – those tiresome “your account has been compromised” emails, or “reset your password” SMS messages.
It includes password theft and brute force login attempts, where an automated program known as a bot attempts to access databases or other sensitive corporate data.
It even extends to technical processes like cross-site scripting attacks, which involve a level of complexity beyond most small business owners.
But how can any entrepreneur or small business owner go about preventing cyber attacks if they don’t know their XSS from their SQL?
These are our tips for keeping companies safe…
Preventing cyber attacks
Develop a security plan. Identify where your firm might be vulnerable – customer databases, ecommerce platforms, etc – and toughen security around any key assets.
Standardise data management. Build on the previous point by using a single software package with consistent security, such as password-encrypted Excel files.
Install and maintain antivirus packages on all computers. Most cyber attacks target desktop PCs, so a proactive antivirus solution will nip many threats in the bud.
Be sparing with IT credentials. Human error or malice underpins many issues, so give junior staff limited IT access – and don’t automatically trust sub-contractors.
Create regular data backups. Ransomware is a growing threat. Create nightly data backups in a secure location to keep the company running if any data is lost.
Educate staff. Don’t assume they know it all. Enforce periodic password changes, explain about phishing, set automatic logouts/screen locks, and show them this blog!
Update all software. Preventing cyber attacks can be as easy as ensuring web browsers, routers, operating systems and software packages are all patched and updated.
Choose strong online partners. The best online hosting firms have a robust approach to security. Don’t skimp by using a cheap firm with less commitment to safety.
Use a firewall. Available in both hardware and software varieties, a firewall provides a discreet extra layer of protection against DDoS and malware attacks.
Always encrypt sensitive data. Give your router a complex password, and send information through it rather than across public (unencrypted) WiFi or 4G networks.
Ensure former staff don’t retain access. Insist on company devices being returned, change all corporate passwords, close their accounts and delete their profiles.
Deploy two-factor authentication. Use 2FA whenever it’s available to deliver an additional layer of security for email accounts, intranet access and account logins.
Approach email with caution. Teach staff to be email wise by scanning attachments before opening them, and not clicking hyperlinks in unsolicited messages.
Consider hiring an expert. An array of ethical hackers, cybercrime experts and freelance security consultants will audit your IT systems and identify improvements.
Follow the news. Set up news alerts to follow current events. This often provides insights into current criminal activities, and new ways of preventing cyber attacks.