Protect your Business from Cyber-Attacks
Cyber-attacks and security have been prominent in the news lately, and though these high-profile stories may have nothing to do with your business, the threat to small and medium-sized businesses of cyber-attacks through malware is very real. Compound that with the fact that more of us are working from home or offsite following lockdown, and it becomes clear we are more vulnerable to malware than ever. So, what can you do to protect your business?
What is malware?
Malware falls into 3 main categories:
- Spyware – gathers personal information you enter on websites and passes it on for criminal use.
- Viruses – will shut down your system and spread to other machines you make contact with.
- Ransomware – locks your device and/or data and demands a payment to unlock it.
If you are not sure how your business is vulnerable to cyber-attacks, ask yourself the following questions.
Who could be responsible?
Criminals, staff (current or former) through accident, negligence, or even malicious intent. In some cases, you could even be targeted by a business competitor.
How could your business be targeted?
This could come by a remote attack on your devices and computers, access to third parties who hold your information (e.g. banks) or by gaining information from your staff. In addition, laptops and devices could be physically stolen.
What could the impact be?
Financial losses can result from the theft of financial details, allowing access to your bank or money. There might also be a disruption to your trading, again resulting in financial losses. In addition, you may incur costs for cleaning up systems and even face fines if personal data you keep is lost or compromised.
Passwords
- Make sure you have strong passwords for all your devices. Choosing 3 random words is better than incorporating dates and information that could be gleaned from social media or registered information, such as with Companies House. Always change the default passwords that come with new equipment, laptops, smartphones, etc.
- Switch on password protection and two-step authentication.
- Help your staff to cope with password overload. Find safe ways for passwords to be stored.
- Save your passwords in your web browsers. This is safer than using the same password for all accounts and devices.
Protecting from Malware
- Switch on your antivirus software and keep it updated.
- Make sure your software and apps are the latest versions and switch on your firewall.
- Drill your staff about the danger of downloading dodgy apps.
- Identity Management. Do an audit on the permissions you and your staff have across software and apps. Keep most accounts in general mode and confine admin roles to minimise risks.
- Use cloud storage. Transferring data with USB sticks can be a way to pass a virus around.
Back up your Data
If you are a target for malware you could lose all your data. This is not only much more inconvenient than you imagine before it happens to you, but could cost your company money. If you back up regularly you won’t be vulnerable to blackmail for the return of your data.
- Identify what data is important to your ongoing viability and make regular backups.
- Keep your backups physically separate from your computers and devices, as malware can move to attached computers.
- By backing up to the cloud, you are guaranteed your backup will be completely separate, and this gives the added advantage of easy access from anywhere. The National Cyber Security Centre has this Cloud Security Guidance to help you choose the right provider for you.
- Diarise regular backups or automate them if possible.
Mobile Devices & Laptops
If you or your staff use phones, tablets, or laptops out of the workplace they are vulnerable to cyber-attack through theft, loss, and corruption. Here are some tips to minimise the risk.
- Make sure a complex password or PIN is enabled to access the device.
- Make sure that tracking software is switched on. This should be one that enables you to lock or wipe data remotely.
- Ensure that all devices and apps are up to date to benefit from the latest security improvements.
- Avoid joining unknown Wi-Fi hotspots in public places.
Emails are one of the most common modes of cyber-attack, so be wary of phishing emails and make sure your staff are familiar with the tactics used as well.
- Never give your password or personal details in response to an unsolicited email.
- Equally, always verify requests to transfer money etc., even if they come from someone high up in your organisation, if it is unusual for you to receive such a request.
- Be wary of clicking on invoices or attachments from businesses you don’t recognise.
- If you do accidentally click on something suspicious, open your antivirus software to run a diagnostic and follow the instructions.
- If you think your password has been compromised or you have been tricked into giving it to someone, change all your passwords immediately (see Passwords above).
This infographic from the National Cyber Security Centre offers advice on phishing.
Get More Information
The National Cyber Security Centre offers a wealth of advice on how to defend yourself against cyber-attack. This Cyber Security Small Business Guide provides greater detail on all these areas. In addition, they have an action plan, so you can keep track of what you have done so far and what you still need to implement.