The large corporations that have been in the news for cyber security breaches or attacks are not alone. The UK Government has published a survey that suggests over 40% of businesses have failed to prevent a breach or attack. Small and medium businesses are at risk, just as much as the large corporations.
This article aims to provide quick guidance to small business recruiters on how to protect their business.
The biggest risk of data leaks comes from the user; most users are using non-approved apps or programmes on their work devices, and well over half are still using weak, default or previously stolen passwords. Many users don’t realise that they have shared business-sensitive information online.
Below are opportunities to reduce your business's risk of a cyber breach or attack:
- Passwords – change them regularly
- Password length – at least 8 characters, although best practice is 14 or longer. Include special characters, numbers and letters in your password
- Password security – use a password manager tool to securely manage your logins and generate unique passwords, so avoiding the risk of people writing them down
- Use antivirus software – Windows 10 already has the latest antivirus protection in Windows Defender
- Software updates – ensure software updates are actioned quickly on any device including your staff’s phones, if they are used for any work purposes
- Software – ensure only approved software and apps are used on all devices
- Operating System and applications – keep up to date
- Storage – use Dropbox or OneDrive to store your data in the cloud and where possible action regular backups. Use a strong password for your cloud storage.
- Use secure WiFi for your business – best practice is to keep the number of people who know the password to a minimum.
- If you have many guests visiting, then use a separate guest WiFi; this will avoid unknown people accessing your files.
What should you do?
As best practice, small business owners should aim to:
- Train all colleagues (including new starters) in cyber security and repeat at least once a year
- Have a Cyber Security Policy, which needs to be kept relevant and up to date. Ensure all colleagues have read and signed the policies – keep these for audit purposes.
- Ideally this should be issued annually. For all new starters this should be part of their training.
- Manage user privileges – identify the access and privileges that individuals require to do their duties, and give them their own logins. Higher level privileges should be managed and controlled. Good housekeeping should look to remove redundant accounts immediately. Have a section for these in your Security Policy so you know what to do.
- Staff member leaving? It happens. Know which systems need to be changed and make sure that is in your policy too, and that it is carried out.
Choose your partners carefully
Quiz your IT providers on their own policies and reassure yourself that they take your security as seriously as you do. Are they keeping you up to date with patches, running regular backups and reviewing add-ons for security? There’s a reason non-specialists can be cheaper!
Taking your cyber security seriously is critical to your business success. You should aim to educate your colleagues in the best ways to work with a cyber security mentality. Education is key to lowering the risk of a cyber breach or an attack succeeding.