Cyber Security advice for small businesses
“The private sector is the key player in cyber security. Private sector companies are the primary victims of cyber intrusions. And they also possess the information, the expertise, and the knowledge to address cyber intrusions and cyber crime in general.” – James Comey
Clearly the subject of cyber security is a massive one and this article is not meant to be a definitive guide … but in typical Yorkshire Powerhouse style, it’s proportionate, thoughtful and straight to the point and suggests what threats you should be aware of and how to deal with them.
Clearly, the larger the business, the more you should concern yourself with cyber security as the greater the impact of being hit!
What are the main threats?
Here’s a quick overview of the main threats to be aware of:
- Viruses – malicious software that replicates itself and modifies other parts of your system
- Worms – similar to viruses, but normally a standalone rather than a replicating threat
- Spyware – typically, spyware silently collects data from your systems for nefarious reasons
- Trojan Horses – these mislead the user about their true intentions and appear benign
- Ransomware – with plenty of recent publicity, if you’re a victim then you lose access to your system until a payment is made
- Keyloggers – these record keypresses with the intent to steal passwords
- Adware – at its worst, annoying pop-up windows that can be unclosable and display unwanted and irrelevant adverts
Emails that look like they’ve come from a legitimate source (bank, HMRC, etc) but that are actually an attempt to gain your private information such as bank logins, passwords, personal details, etc.
In the context of this article, we’re viewing hacking as an attempt to gain access to your IT systems by skilled techies for criminal or nefarious reasons.
What Cyber Security systems do I need to consider?
Remember the opening comments to this article – the larger your business the more you need to look into this. So, the following comments are aimed mainly at sole traders and micro businesses with low levels of risk (i.e. they don’t hold valuable client data such as banking information).
The three main elements needed to protect you are:
For most sole traders the free antivirus systems are normally adequate for their needs. Paid-for systems are more appropriate as soon as you have IT systems networked (i.e. more than one computer) or where your data is more sensitive.
Your firewall acts as a barrier between your systems (computers, files, networks, etc) and external threats. Most routers act as a firewall but most users don’t secure their routers by changing their passwords from the factory defaults, and most routers haven’t been updated since they were first installed.
Following good practices
There are three main areas to consider under the cyber security banner of ‘good practice’:
1. Passwords
- Far too many businesses and individuals use the same, simple password across multiple systems – clearly this is risky but worse, it’s easy to crack and solve using technology. The general advice is:
- Avoid pet names, birthdays, middle names, addresses, etc. These are guessable.
- An ideal password combines numbers, upper case and lower-case letters AND punctuation symbols in a random mix.
- EVEN MORE IMPORTANT is the length of the password. 8-character passwords can be cracked in hours now (even following the above point) so the minimum length now is 12 characters, and the more the better.
- The only genuine solution to passwords is to consider using a password app / tool that helps create, store and retrieve passwords across all your systems. They take time to set up and to become familiar with but the benefit is that you only need to remember a single password and then all others can be supremely secure.
2. Updates / Patches
- Modern operating systems (such as Windows 10 and Android) are constantly updating and patching security flaws in their own systems and you need to ensure that your systems are using these updates. Additionally, as mentioned above, your router is your first line of defence so get into the habit of updating / patching this.
3. Procedures and policies for using IT
- Always restrict access to your systems as much as you can. Servers and routers should be out of reach of staff, cleaners, visitors, etc. Physical security (locked cabinets / doors, etc) is a great start.
- Train yourself and your staff about the risks of emails – never open attachments or click on links that could be malicious.
- Engage in proper password systems – change them from time to time, but ensure they are a minimum of 12 characters and complex, random passwords.
- Remote working and home working is an increasing trend but be aware what your team take home with them or can access from home. People are frequently the weakness in your cyber security systems.
- Back up your data regularly. In the modern world, there’s no excuse – cloud based back up solutions are cost effective and reliable.
- Regularly check and update your router for patches
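The password advice above (at least 12 characters, a random mix of numbers, upper-case and lower-case letters and punctuation, no guessable personal details) can be checked and applied with a short script. This is an added example, not part of the original article; the function names and the sample password are made up for illustration.

```python
import math
import secrets
import string

# The four character classes the article lists.
CLASSES = {
    "number": string.digits,
    "upper-case letter": string.ascii_uppercase,
    "lower-case letter": string.ascii_lowercase,
    "punctuation symbol": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())  # 94 printable characters
MIN_LENGTH = 12  # the article's minimum


def check_password(password, personal_words=()):
    """Return the rules a password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    for word in personal_words:  # pet names, birthdays, addresses ...
        if word and word.lower() in password.lower():
            problems.append(f"contains guessable detail: {word}")
    return problems


def generate_password(length=16):
    """Random password from the OS CSPRNG that contains every class."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits an attacker must search for a uniformly random password."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(check_password("Rover2015!", ("rover",)))  # constructed weak sample
    print(generate_password())
    print(f"8 chars: {entropy_bits(8):.1f} bits, 12 chars: {entropy_bits(12):.1f} bits")
```

Each extra random character multiplies the search space by 94, so going from 8 to 12 characters makes guessing about 78 million times harder, which is why length matters more than any single complexity rule.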
Take control of your cyber security with the same vigour as you do your business – the collapse of your IT generally collapses your business so it’s an area you should care passionately about.
Simple guidance on cyber security from Yorkshire Powerhouse