Let's get the bad news over with. According to the FSB, small firms in the UK suffer almost ten thousand cyber attacks every day (link to https://www.fsb.org.uk/media-centre/press-releases...). Cybercrime in the small business sector costs billions of pounds a year. More than a million businesses like ours have experienced phishing, malware and payment scams. One in five say they've suffered an attack during the two years leading up to January 2019, when over seven million individual attacks were reported. That's 9,741 incidents a day.
The good news?
The good news is, you don't have to spend a fortune or learn super-clever things to stay safe. The biggest threat you face as a small business is your employees and the other people you work with, for example freelancers, suppliers and partners. In other words, human beings. It's all because so few of us are properly trained in cyber security, at every level, from directors to new starters.
Look at the list of cyber threats in the first paragraph. They're all avoidable as long as the humans in the equation know how to recognise, avoid, report and remove threats rather than fall straight into the trap. It isn't particularly complicated. The things you need to do to protect your systems are mostly common sense, especially for businesses like ours without multiple different premises to network up or thousands of staff to manage.
So, let's get to the heart of the matter. What can you do, as a small business, to protect the IT systems and data you rely on?
Get Cyber Essentials qualified
The simplest answer is to make sure everyone who matters is Cyber Essentials qualified (link to https://www.cyberessentials.ncsc.gov.uk/). Cyber Essentials is a government scheme designed to help people stay safe from the most common cyber threats. It also demonstrates your company's commitment to cyber security, a marketable asset in today's context. In the meantime, here are our top tips for better small business cyber security.
20 tips for great small business cyber security
1. Never open an email unless you are 100% sure you know who sent it. Most email software lets you read messages without opening them, which is much safer, since simply opening an email can sometimes trigger something malicious
2. Never click on a link, button or attachment in an email unless you know who sent it
3. If something looks real but doesn't feel right, check the email for spelling mistakes, bad grammar and suspicious-looking graphics. The more you spot, the easier it gets and the more experienced you become at spotting them
4. Delete suspicious emails straight away so they're safely gone and you can't mistakenly open them
5. Update software as soon as a fresh version is available
6. The same goes for your operating system – don't put off Windows or Mac updates, do them straight away
7. Do the same with your devices
8. Check the security settings on new and existing software, tools and devices and turn them up to the max
9. Use strong passwords and don't share them with anyone else
10. Change passwords regularly
11. Use two-factor authentication for banking and for managing your IT. It sends a code to your mobile to use with your password, a new one every time
12. If someone leaves the company, immediately make sure they can't access your system any more
13. Don't let employees use their own devices for work
14. Don't log in to an insecure network, for example a coffee shop, with a work device
15. Use a firewall to make a safe zone between your IT network and the outside world
16. Only use official software that has been pre-screened for malware
17. Use good virus protection and keep it up to date
18. If you stop using software or tools, delete them from your system
19. Only give people the level of system and data access that they need to do their job
20. Make sure your suppliers and business partners are also cyber-secure
Do all this and you'll make a real difference to your small business's IT security.