As a small business you might think you're immune to data theft, hacking and the other cyber security issues that face bigger companies. But you're actually just as vulnerable, if not more so. Hackers don't always care about size; they care about vulnerability.
You may not have an international brand reputation to damage, but nor can you afford the kind of cyber security measures open to a big company with deep pockets. And you're just as beholden to the GDPR – including the vast fines you can face if you get the data side of business wrong – as a bigger business. Here are some essential tips to help you stay safe from cyber-threats.
10 cool tips to keep your small business cyber secure
1. Get yourself and your staff Cyber Essentials qualified. Cyber Essentials is a government scheme designed to help businesses stay safe from cyber threats. You can find out more about it at https://www.cyberessentials.ncsc.gov.uk/
2. Know how to secure your computers and networks and protect them from malware – including switching on the firewall provided by your internet router, your first line of defence. You need to protect your computers with the best security software you can afford. You need a security tool that lets you keep tabs on mobile device users as well as PCs and servers. Having location awareness switched on helps create the most secure settings on laptops automatically in and out of the office. And anti-spam tools help cut the amount of spam you get right down, removing the worst offenders before they even hit your inbox.
3. Make sure your internal digital security policy includes all the right bells and whistles, for example listing the applications and tools it's OK to upload to work machines and those it isn't. Everyone should know how to create a strong password, and to never share it. Everyone needs to be sure about what they can do on their work machines and what is forbidden. Your people should all be crystal clear about how to spot and avoid opening email spam like phishing messages – you might even decide to apply encryption to your entire system. It's important to have someone to go to, an individual who is responsible for cyber security matters. And you should have a clear, fair, fast and efficient protocol in place to follow if something goes wrong.
4. Make social media safe – Your employees need to know exactly how to use social media safely and securely, be fully aware of the type of threats that lurk out there, and clear about the boundaries around social media use at work. Remember you can filter URLs to limit access to certain sites, for example eBay and Facebook, during working hours.
5. Only let dedicated, specially chosen people speak on behalf of the company and write about it. Give them a proper brief with full, detailed guidelines, including a tone of voice to follow, a list of the things they can talk about and – perhaps more importantly – a list of things it's not OK to mention.
6. Make it clear to everyone what's confidential and what isn't, so they can't make silly mistakes. If something is totally confidential, protect every aspect of it with an NDA.
7. Involve your employees at every turn, asking their advice as well as providing guidance. It really matters for everyone to be on the same page when a massive 80% of all data loss is caused by human error, whether it's sending out confidential or sensitive information to the wrong people, doing it the wrong way, via the wrong system, or otherwise leaving the digital doors wide open for mischief makers to come in.
8. Restrict the number of personal devices used at work. If you really want your business to be secure and stay that way, only let people do their work on work machines. It's so common to use personal gadgets at work that a formal Bring Your Own Device plan might be your best bet, including guidelines about data deletion, location tracking, and internet monitoring.
9. Always carry out upgrades to software and tools as soon as they become available, auto-updating your operating system to prevent small vulnerabilities from becoming gaping great holes as well as making sure anti-virus and malware solutions are running the latest versions. Put in place solid version control too, training all your people in how to use it.
10. Don't just buy security software and advice from an online security expert. Find one to partner with and build a long-term relationship that'll benefit you for years to come, not just a one-off, sell-and-run relationship.
Imagine what would happen if your entire system died on you, or your computers were attacked by a virus and completely put out of action? Many businesses these days simply wouldn't exist without their website, their email, their digital back-end customer and sales support systems. When you've made all the right cyber security moves it's a lot easier to recover and survive than if you've not considered cyber security at all.
If the worst does happen and you need temporary help to get you through a tough time then please do get in touch with us by calling 01273 447111.