How to set up and run a small business

Leaderboard – Run – Technology

You are here: Home » Run a Business » Technology » Automated cyber-attacks targeting small businesses – 10 steps to protect yourself

Automated cyber-attacks targeting small businesses – 10 steps to protect yourself

June 26, 2015

According to new research commissioned by the Government’s Cyber Streetwise Campaign, SMEs are putting a third of their revenue at risk because they are downplaying the threat of cyber-attacks, leaving them exposed and vulnerable.

With this in mind, here’s what small businesses need to watch out for, and 10 clear steps that can be taken to protect against future attacks.

Cyber-thieves now target small businesses

One of the major problems facing small business owners is the common misconception that because of their smaller size they are unlikely to be a target for hackers or cyber criminals.

This however is not true. Unfortunately cyber-attacks aimed at SMEs are becoming more prevalent because it is precisely their small size and unsophisticated defences that leaves them vulnerable to attack.

Whereas many people are under the misconception that cyber thieves are only after the money, in actual fact rich data also makes a business an attractive target for attacks. Businesses that hold a large amount of customer data, for example, contact details and health data, are rich pickings for thieves.

Staying one step ahead of cyber criminals is not easy as they are constantly finding ingenious new ways to deceive businesses and steal valuable data.

Cyber-attacks tend to not be undertaken by just one individual targeting one specific business. Modern-day cyber-criminals have developed sophisticated automated programs that can produce mass attacks for very little investment.

With these automated attacks, criminals can target thousands of businesses all at once, which makes attacking small businesses a worthwhile investment for them.

Increased inter-connectivity raises risks

In the last few years cyber-security has become an even greater threat because of how inter-connected businesses are with one another. Rather than just having a website or email account, businesses now have much more complicated networks that comprise various mobile and cloud connections.

Nowadays the inter-connected nature of business servers and the fact that the majority of companies have to interact with any number of customers, stakeholders and clients on a day-to-day basis means that no company is exempt from the communication chain.

Impact of a major cyber-attack

A major cyber-attack on a small business can have a devastating effect. The Government’s 2015 Cyber Streetwise Campaign reported that 74 per cent of small and medium-sized businesses have reported some kind of information breach.

It also found that for SMEs, the average cost of the most severe breach was between £75,000 and £310,000 and that threats from outsiders to the business has become a greater threat in the past year.

A major security breach can wreak havoc on SMEs and lead to consequences such as:

  • Information loss from theft of information or bank details
  • Financial loss if money is stolen directly
  • Financial losses from disruptions to conducting business (especially if the business is dependent on working online)
  • Reputational damage that can result in loss of customer base
  • Costs to replace lost data

10 easy steps to protect your business from cyber attacks

Despite these significant risks, there are a 10 straightforward and easy to implement steps that SMEs can take to safeguard against future cyber-attacks;

1. Download software updates

Ensure software and app updates are downloaded as soon as possible as they contain valuable security upgrades that will help to protect data.

2. Have a good spam filter in place

Make sure any high-risk emails are being filtered out as best as possible.

3. Delete any suspicious emails

Brief staff to immediately delete any suspicious emails that may have slipped through the net as they may contain fraudulent requests or links to viruses.

4. Back-up data

Backups should be performed regularly in order to protect a site in case of a problem. A good hosting provider should be able to provide a full, regular backup of any account.

5. Enforce strong passwords

Ensure all passwords are at least 15 characters long with a variety of upper and lowercase letters, symbols and numbers.

6. Don’t use the same password for multiple services

Using the same password multiple times is particularly risky because if one service is compromised, then they can all be.

7. Make protecting data part of the culture

To ensure everyone in the company is on the same page, organisations need a simple, non-technical policy document that highlights every individual’s responsibility in protecting sensitive information about customers, colleagues and others.

8. Install anti-virus software on all devices

Computers, smartphones and tablets can all become infected by viruses. To protect against them, anti-virus software must be installed for all devices where data is shared amongst colleagues.

9. Invest in a sophisticated workforce management system

There is cutting edge technology available that can help to prevent against cyber threats by managing all personnel data in a secure and organised system.

10. Develop and refine a response strategy

Businesses should put in place an action plan for if a major security breach occurs. Take the time to learn from any minor data breaches and ensure security measures are continually evolving to correspond with any changes in legislation or relevant news.

SMEs are now more of a target for cyber-thieves, as criminals can use sophisticated technology to target thousands of small businesses at once. To stay one step ahead and ensure attacks don’t damage their, business they need to follow all the necessary safety precautions.

About the author

This guide has been written for ByteStart by Simon Birchall, managing director of leading workforce management developer timeware, whose personnel system allows businesses to store, update and view personnel information in a secure environment.