The 2016 -2017 report by the National Cyber Security Centre (‘The Cyber Threat to UK Business’) says that ‘the number of cyber security incidents involving UK businesses is significant and growing’ and that 2016 saw ‘cyber-attacks on a scale and with boldness not seen before.’ As the number of devices connected to the Internet continues to rise rapidly, the technical skills needed to attempt a cyber-attack remain relatively low.
The problem is that small and medium-sized business owners haven’t started their ventures thinking they need to be computer security experts. They have enough boxes to tick - product development, sales, finance and marketing expert - without having to add IT on top.
However, the impact of a computer security incident can cause serious damage. Computers may become infected and run slow or, often more worryingly, valuable data may be taken.
Plus, statistics show that one in two small and medium-size businesses have seen some form of computer security breach.
The reality is that businesses don’t need to invest significant sums to stay protected - what they need to focus on is doing the basics well. Attacks on their computer systems are likely to be unsophisticated and created by someone who is taking a chance that they’ll be lucky. When it becomes harder to get the result they want, the criminal will go elsewhere.
However, advice in the past hasn’t always been helpful. Telling employees to change passwords regularly or not to click on suspicious looking links is not enough to stop threats on an ongoing basis. Spoof emails, for example, are getting more sophisticated and harder to identify.
Six actions businesses can take to protect against a security threat are:
1. Use a password manager. This is a tool that creates and stores passwords and is accessed through a master password. This method of managing passwords is more effective and secure than asking users to create their own passwords.
2. Use two-factor authentication. A code sent to a smartphone, for example, is used to log into the computer together with the usual password. This adds an extra level of security.
3. Back up data. This is an important task and again often overlooked. There have been cases where criminals have asked for money for the return of important company data. Clearly this tactic is less effective if a copy of the data is held in a secure place.
4. Keep all anti-virus and malware protection up-to-date. This probably goes without saying – although it’s a point that’s often overlooked.
5. Keep smartphones and mobile devices password protected. Make sure they can be wiped clean remotely should trouble arise.
6. Ensure all employees have the lowest level of user rights needed to perform their duties. This simply means that if criminals get into the system, the damage they can do is limited.
Small and medium-size business owners certainly shouldn’t ignore the problem of computer security – but the time needed to increase protection levels needn’t be all that onerous.
By making these simple adjustments to your IT procedures, businesses can ensure their data is well protected against the growing threat of cyber attacks. Businesses tackling this head on in an efficient way are ensuring safety.