Cyber attacks are aimed at everyone, and no business is immune. However, it is an unfortunate fact that 43% of cyber attacks are targeted at small businesses. This means that business owners need to invest time and resources in protecting their businesses.
Let me share some tips on what you can do to protect your small business from cyber crime.
Invest in training
Unfortunately, humans are still the weakest link in any cyber security protection plan. This means that the key to threat reduction is staff training. Here are a few ‘red flags’ to look out for:
- Don’t open emails from senders you don’t recognise, or whose subject is designed to worry you. Cyber criminals want to worry you: they’ll say your website has crashed, for example, because they want you to open attachments or click on links designed to infect your machine or network.
- Check email addresses carefully. Fraudsters use addresses and URLs that are very similar to legitimate ones.
- Query requests for large or urgent payments. It’s not in our nature to question senior management, for example, but it will protect your business if your team is trained to do this. Emails purporting to come from a Finance Director, requesting that an immediate payment be made, are a common form of cyber attack.
- Be watchful of new contractors, even if they say they’re from your IT company. Whilst most will be legitimate, some cyber criminals will be brazen enough to walk in and attempt to infect your machines. So, if you are not sure, stop and check.
These are just some examples of the threats you face. By making sure your team know what to look out for, and have permission to query/challenge things, you are protecting your network and your business.
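The second red flag above, a sender address that is only slightly different from a legitimate one, is something a mail filter can pre-screen before a person ever has to spot it. The following is an added example written for this article, not code from Redsquid or any vendor it mentions: it takes a From: header, pulls out the sender's domain, and flags it for a human check when it is a near miss (a swapped digit or letter, a missing character) or a trusted name embedded inside some other domain. The trusted domains and the sample headers are constructed for illustration.

```python
"""Flag sender addresses whose domain merely resembles a trusted one.

Added example for this article (not Redsquid's code). The trusted domains
and the sample headers below are constructed for illustration.
"""
from email.utils import parseaddr

# Constructed allowlist: the domains your own business and known suppliers send from.
TRUSTED_DOMAINS = {"yourbusiness.example", "supplier.example"}

# Character substitutions commonly used to make a fake domain read like the real one.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def normalise(domain: str) -> str:
    """Lower-case the domain and undo the usual look-alike substitutions."""
    domain = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        domain = domain.replace(fake, real)
    return domain


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(header_value: str) -> tuple:
    """Return (verdict, domain) for a From: header value.

    verdict is one of:
      trusted   - domain is exactly on the allowlist
      lookalike - domain is a near miss or embeds a trusted name in another domain
      external  - unrelated domain; treat with the usual caution
    """
    _, address = parseaddr(header_value)
    if "@" not in address:
        # A sender that does not even parse as an address is itself a red flag.
        return "lookalike", address or header_value
    domain = address.rsplit("@", 1)[1].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted", domain
    norm = normalise(domain)
    for trusted in TRUSTED_DOMAINS:
        # e.g. "yourbusiness.example.invoice-portal.test" or "supplier-example.test":
        # the trusted name is present, but as part of a domain someone else controls.
        if trusted in domain or trusted.replace(".", "-") in domain:
            return "lookalike", domain
        # Small edit distance after normalisation: y0urbusiness, yourbusines, exarnple, etc.
        if edit_distance(norm, normalise(trusted)) <= 2:
            return "lookalike", domain
    return "external", domain


# Constructed sample From: headers, as they might appear in a mailbox.
SAMPLE_HEADERS = [
    '"Finance Director" <fd@yourbusiness.example>',
    '"Finance Director" <fd@y0urbusiness.example>',
    "accounts@yourbusiness.example.invoice-portal.test",
    "helpdesk@supplier-example.test",
    "newsletter@unrelated.test",
]


def scan(headers=SAMPLE_HEADERS) -> dict:
    """Map each header to its verdict; 'lookalike' is the case staff are trained to stop and check."""
    return {h: classify_sender(h)[0] for h in headers}


if __name__ == "__main__":
    for header, verdict in scan().items():
        print(f"{verdict:9} {header}")
```

The check deliberately errs on the side of flagging: anything marked lookalike should be routed to a person (or quarantined) rather than silently dropped, because a genuine supplier that changes domain will trip it too. A real deployment would also check the message's DKIM/SPF results, which this example does not attempt.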
You can check the effectiveness of the training by using simulated phishing attacks. Regular, controlled attacks can identify who is following their training and who needs a little more. We did this internally at Redsquid and reduced click-throughs from 54% to just 4% in only three months.
Protecting your network
Your network protection can come in many guises:
You need a robust hardware firewall. If your firewall is a few years old, it needs to be upgraded: the threats to your network will have increased, and its ability to protect you will not have kept pace. Sophos is an example of a good provider of such devices.
Keep your PCs fully patched. Your operating system provider regularly publishes security updates to protect against the latest cyber threats. It is worth spending the time to install updates as it’ll take you far longer to recover if you are attacked.
Microsoft stops supporting Windows 7 on January 14th 2020. Running Windows 7 after that date means seriously risking your network and your business. You must upgrade to Windows 10. We recommend you upgrade your hardware too, to benefit from the physical security and performance enhancements built into new machines.
Vulnerability and Penetration Testing
There are many different ways to get into your network and the data it contains.
Vulnerability scanning helps to secure your systems, services and applications against a number of common attack vectors, exploited by both automated and manual attackers. Vulnerability testing should ideally be done continuously, but at least every month.
A penetration test is an authorised simulated cyber attack on a computer system, performed by a suitably qualified third party. It’s designed to evaluate and ultimately to fortify the security of a target system through the identification of security vulnerabilities. We recommend these are done at least once a year by an independent body (not your IT provider) for the peace of mind it provides.
These tests also mean you are properly ticking the GDPR box. You need to be able to show you are protecting the Personally Identifiable Information (PII) you hold on your customers and staff. If a breach does happen and you cannot prove you have taken reasonable steps, the Information Commissioner’s Office (ICO) can fine you up to 4% of annual global turnover.
Email gateways are a great way to reduce mistakes. By passing all your email through a gateway, such as Cyren’s email security (https://www.cyren.com/products/email-security-gateway), you block the malware, phishing and spam emails threatening your network.
APIs and Web Applications
Most businesses are using multiple web applications and APIs to streamline productivity. Have you checked whether the ones you use have been tested for intruder prevention? They can become a back door into your network for cyber criminals.
Multi-factor authentication (MFA) uses more than one device to protect your network. Your phone can act as confirmation that you are who you say you are when you log in to your laptop or to an application. Multiple layers of security make it harder for unauthorised users to access your network.
Protecting your network is always the first step. We also recommend you insure against cyber threats. The right cyber insurance will help you recover. For example, if you suffer a ransomware attack, the insurer may consider which is more beneficial: paying the ransom or paying the costs of getting you back up and running. Take advice on the insurance you should have and read the small print with the greatest of care.
Cyber threats are ever-present. A breach of cyber security may not immediately damage your business, but the fact that it has happened can seriously damage your reputation. It is a fact of modern business life that you need to regularly review and maintain your protection against cyber crime, and ensure your staff are trained and receive refresher training as necessary.
ABOUT THE AUTHOR
Mike Ianiri is Sales Director at Redsquid, one of the UK’s leading independent providers of business Voice, Data, ICT, Cyber Security and IoT Solutions. Redsquid is not tied to a single supplier but rather helps clients boost productivity, reduce costs, and protect and grow their business by creating bespoke solutions from the best technology available in the marketplace.