Cyber security series
- Part 1 – Protect your small business with the latest on cyber security
- Part 2 – 5 ways to make your business more cyber secure
This article continues our series on protecting your small business from cyber attacks, based on the latest advice from the National Cyber Security Centre. Head back to part 1 to read more on why data security should matter to small businesses, or read on for the threats you’re likely to face.
Cyber criminals are increasingly targeting small businesses. They’re seen as the soft underbelly of the financial world.
Free cyber security guide
Check out the 5 steps for defending your business against cyber attacks, in the National Cyber Security Centre’s updated guide.
What cyber threats are you likely to face?
“The cybersecurity threats experienced by small and medium enterprises are largely no different than those experienced in the public sector or by large global organisations,” says Tim Mackey, Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center).
So what form could a cyber security attack take?
Your clients could be targeted
Phishing, ransomware and infrastructure attacks rarely have a specific target in mind, making the success of those types of attacks fundamentally a numbers game, says Mackey.
“This is in contrast to an attack on the users and customers of a business. In targeting the user base, attackers must specifically invest in crafting an attack which looks like legitimate communication from the target to their users.”
“So while an IT organisation can design defensive measures against attacks targeting their employees and infrastructure, attacks targeting business operations are more problematic.”
You can alert your clients to the threat of phishing emails pretending to come from your business, but there’s no way to stop them being sent in the first place.
Cheap cloud services leave you vulnerable
A threat is emerging for small businesses that forgo the traditional IT department in favour of cloud services.
“If those cloud services aren’t defending against the types of threats the organisation expects, then a false sense of security can be created,” warns Tim Mackey.
Holding you for ransom
Ransomware is another big threat which could completely prevent an organization from doing business, says Thomas Richards, principal consultant at Synopsys.
“This has proven to be a successful business model for cyber criminals, and not one they will likely give up in the short-term. Make sure all corporate data is backed up with a tested business continuity plan in place.”
People clicking things they shouldn’t
“It’s no secret that humans are the weakest link, but the recent Verizon Data Breaches Investigations Report suggested that some 90% of breaches start with a phishing or social engineering attack,” says Jonathan Whitley, director for Northern Europe at WatchGuard Technologies.
“The other major user problem is stolen or weak passwords.”
NCSC: Key steps to cyber security
- Back up your data: Think about how much you rely on your business-critical data, such as customer details, quotes, orders, and payment details. Now imagine how long you would be able to operate without them. If you have backups of your data that you can quickly recover, you can’t be blackmailed by ransomware attacks.
- Protect your business from malware: Make sure you install and turn on antivirus software, guard against harmful apps, install security updates, and install a firewall.
- Keep your smartphones and tablets safe: Malware is just as much a threat to these devices as it is to your PCs. Don’t connect to the Internet using unknown wifi hotspots, and instead use your 3G or 4G mobile network, which will have built-in security.
- Use robust passwords: Make sure they can’t be guessed from information you have available on social networks.
- Avoid phishing attacks: Be aware that many threats come in the form of seemingly innocuous emails. You should configure your staff accounts in advance using the principle of ‘least privilege’. This means giving staff the lowest level of user rights required to perform their jobs, so if they are the victim of a phishing attack, the potential damage is reduced.
Cyber criminals are constantly looking for weaknesses in your systems, but by training your staff to be careful of suspicious communications or emails, keeping up to date with software patches and making sure passwords are robust and secure, you can protect yourself against many of the common methods of attack.
Further reading on cyber security for your small business:
- Why cyber security skills are in demand within accountancy
- How small businesses can protect themselves from data breaches
- Are accountants responsible for data breaches?
Marianne Curphey is an award-winning financial writer and columnist, and author of the book How Money Works. She worked as City Editor at The Guardian, deputy editor of Guardian online, and has worked for The Times, Telegraph and BBC.