How to set up and run a small business

Leaderboard – Run – Technology

You are here: Home » Run a Business » Technology » 6 Facets of cybersecurity that small businesses need to be aware of in 2018

6 Facets of cybersecurity that small businesses need to be aware of in 2018

February 7, 2018

Cyber security issues 2018Every article on cybercrime makes alarming statements about the issue becoming more of a threat year after year.

And sure enough, this was borne out in 2017 with some very high-profile cyber attacks, significantly impacting both the NHS and the UK government.

So, as a small business owner, what are the key cybesecurity threats and issues you need to watch out for in 2018, and how can can you guard your business against these?

Small businesses now at greater risk of attack

It’s vital not to become immune to the repetitive warnings, nor think that as a small business you are safer. The stats speak for themselves and they are damning. In fact, small businesses are at even greater risk of hacking and the consequences can – in the worst case – mean an end to your business.

Hackers know that larger companies are more well guarded, so with smaller companies often lacking the resources and knowledge on the subject, they are often easier targets.

Research by PricewaterhouseCoopers revealed that only 12% of small businesses in the UK have cyber security insurance, which is a concern when attacks seem increasingly inevitable. If, as a small business, you remain in the mindset that it won’t happen to you, you could be vulnerable to serious damage, or in the worst case, closure.

2018 is bringing with it all new digital threats, so here are our 6 key cyber issues for small businesses, and what you can do to secure against them.

1. General Data Protection Regulation

General Data Protection Regulation – or GDPR –  is the new data protection framework fixed by the EU which will become law on 25th May 2018. British and EU based companies and home businesses need to comply. The law will come into place before the UK leaves the EU.

In effect, you have 72 hours to inform your relevant data protection authority of a breach, or you can be fined up to 4% of your turnover for loss of data.

What can you do?

You must be aware of exactly what customer information is stored on your online accounts and devices and make certain that it is safeguarded and your business network is secure.

In addition, you need to make sure that any customer information that is held in a cloud-based system is stored safely.

2. Crypto-currency

A cryptocurrency is a digital asset used as a medium of exchange. Cryptocurrencies are firmly established and here to stay.

Security experts are now seeing an increase in cyberattacks that aim to steal computer power for ‘mining’ operations for their own profit (such as production of cryptocurrency).

What can you do?

Hundreds of thousands of businesses already use and accept cryptocurrencies, so it’s important for small businesses to adapt and understand them, otherwise you may be left behind, unprepared for the rapidly changing financial landscape.

Antivirus software can detect cryptocurrency mining tools, but it is harder to spot an employee who is using your business as an inside job – so be on guard.

To reduce the threat of rogue employees and insider threats, small businesses can identify privileged employee accounts (accounts that can affect or access internal systems) and then track and monitor them for quick action if needed.

3. Machine learning

While machine learning can detect suspicious behaviour and therefore prevent zero-day attacks, hackers can use it to support attacks by learning new responses and exploiting system vulnerabilities.

What can you do?

Small businesses need to increase machine judgement with the combination of human knowledge and strategy – so make sure you keep up to date with the latest news.

Basic administrative issues like not keeping firewall systems with the latest updates or changing default passwords compromise security, so an artificial intelligence driven survey could be a solution.

4. Logistics

All businesses have some kind of supply chain, whereby sensitive information is shared with suppliers.

As secure as your systems might be, the inter-connectivity of commerce means that at some point your data will be shared with your suppliers or other such affiliate organisations. As soon as you share information, your direct control is lost.

What can you do?

If a supplier you are working with is lacking in cyber-defence, then you in turn could be compromised. Agree on processes with those you work with for your own safety.

5. Ransomware

Ransomware is software that is designed to prevent access to a computer system until a ransom, usually money, is paid to the hacker. It is set to grow and become more sophisticated in 2018. The WannaCry attack last year took down the IT infrastructure of the NHS and other organisations across the globe.

As a small business you may overlook headline news like this as you may feel you won’t be targeted as you can’t provide a large ransom figure. However, small businesses are easier to attack than the giant organisations and so will potentially become quite lucrative when hackers target a large number of small businesses at once.

What can you do?

Make sure that you do a physical backup as well as a reliable sync cloud backup. This means you will have double backups and increased vigilance.

6. Internet of things

UK companies were hit by over 230,000 cyber-attacks each in 2017, with the majority targeting connected devices. As all businesses embrace the Internet of Things to make life easier and business faster with the sharing of information across the network, hackers are continuing to use this to their advantage – particularly with small businesses providing services to large organisations.

One report foresees large companies being toppled by an attack on a small vendor or contractor that targets their use of the Internet of Things as a way to get into their network.

This is a sign of things to come and a warning that large companies need to update their approach to third-party risk management, and small businesses need better cyber security or risk losing business.

What can you do?  

Most small businesses do not have the IT skills or knowledge in-house, but you can always outsource that expertise for 24/7 protection, making your business more resilient to ongoing threats.

You should be monitoring systems for unusual activity and restricting employee access to personal email and file sharing applications in the workplace.

About the author

This article has been written exclusively for ByteStart by Cheeky Munkey, the Hertfordshire-based IT support company. If there is anything cybersecurity-related your business needs help with, do visit the Cheeky Munkey website for expert advice and consultancy.

More help on running a business

ByteStart is packed with help and tips on all aspects of starting and running your own business. Check out some of our most popular guides;

Starting Up

Funding your business

Cashflow

Image: DepositPhotos.com