On average, small businesses fall victim to cyber crime at least twice a year! So, it’s a case of ‘when’ rather than ‘if’ when it comes to an attack – and you need to be ready! Research shows that up to 80% of common attacks could be prevented if businesses put simple security controls in place.
As a proactive IT solutions provider, we've compiled a few of our top tips to help you keep your business secure:
Secure Your Network
Connecting to an untrusted network, such as the internet, can expose you to attacks. State in your employee internet policy which sites can and can’t be visited through your network, make sure downloads are scanned with antivirus software, and safeguard your connection by using a firewall. Remember to make sure that your Wi-Fi is secure and hidden too.
Put Policies in Place
Establish clear policies on how employees should handle and protect business information and sensitive data, and remember to include safe use of social media and email within your policy, even when they are working remotely. Hold everyone accountable to your security policies and procedures.
Security should be everyone’s responsibility – don’t just rely on one or two people, even if you’re running a small business. Educate all employees about online threats and protecting your business’s data. Make sure policies are formally acknowledged in employment contracts.
Manage User Privileges
All users of your IT systems should only be provided with the level of user privileges required to do their job. Control the number of administrators and ensure these accounts are not used for high risk activities. Monitor user activity and make sure accounts are updated regularly.
Know Your Risks
Businesses protect their premises from break-ins, and in the modern world, your IT systems should be no different. It’s important to assess your cyber risk and manage it in the same way you would for legal, financial or regulatory risks. Embed a risk management regime into your organisation and make sure you regularly check for security vulnerabilities.
Use Secure Passwords
A strong password is your first defence against hackers. Require all users to set strong passwords and change them regularly in line with Cyber Essentials guidelines. Include numbers and symbols and don’t allow words which are easy to guess or found in the dictionary.
Business processes such as email, web browsing, removable media and personal devices are vulnerable to malware. Make sure you regularly scan for malware and protect all machines with antivirus solutions. In addition to this, you should scan all incoming information for malicious content.
Software updates regularly contain vital security upgrades which help to keep your devices and network secure. Most operating systems provide mechanisms to automatically check for, download and install these updates – make sure you have them enabled.
Prepare for the Worst
All organisations will experience a security incident at some point. Putting an incident management plan in place now will make it easier to limit the damage caused, improving your resilience against attacks and helping you to keep things running smoothly.
The UK Government has a Cyber Essentials scheme to help businesses put controls in place and help defend against common internet-borne threats. Cyber Essentials is applicable to organisations of all sizes, in all industries and it provides a good foundation of basic cyber security. You can also take assessments provided by the scheme in order to become Cyber Essentials certified.