Small businesses are big business for cyber criminals. According to the latest Government statistics, 58% of UK small businesses surveyed have suffered a cyber breach or attack in the past 12 months. Find out what makes your business vulnerable and how to protect it from cyber threats.
Cybersecurity basics
The aim of cyber criminals is to gain unauthorised access to your business’s devices, networks, and programs, and use that access to steal sensitive information and extort money. Cyber criminals could steal your customers’ data, pretend to be you, and defraud your customers into paying them. The consequences of cyber attacks can have a significant impact on a business, including reputational damage to the brand and financial loss.
Cybersecurity is all about protecting those same devices, networks and programs, and the data they hold. Whatever the size of your business or the number of devices you have, cybersecurity is something you can’t ignore.
Could your business be at risk of a cyber attack?
The cybersecurity breaches we tend to hear about are the big ones: when a large business’s customer data has been compromised, or its normal operations have been seriously disrupted. These attacks make the news, but rarely – if ever – destroy the business.
The cyber attacks we don’t hear about are the ones that affect small businesses. Yet they often have more devastating effects than the headline-grabbing stories. In fact, in the UK alone, 60% of small organisations go out of business within six months of a cyber attack2.
Cyber criminals are well aware that few, if any, small businesses will have an employee dedicated to overseeing cybersecurity, or who is a cybersecurity expert. They know that in a small business, there’s less of a budget for enterprise-grade security technology, and that IT practices may be less strict and less secure. And that means the criminals have more opportunities to gain unauthorised access.
Targeting a small business won’t provide them with such large returns as attacking a large one. But the likelihood of success is much greater, and the opportunities more numerous – simply because there are so many small businesses (90% of businesses worldwide are classed as ‘small’). So those smaller returns quickly add up, with very little risk involved.
The good news is that effective cybersecurity for a small business doesn’t have to be a big challenge. With the right combination of tools, technologies, and practices, just a few small steps can secure your business and deter the criminals.
Where does it all go wrong?
You couldn’t operate your business without digital technology. Even if it’s just one PC, you would be lost without it. And the more technology you use, the more you come to rely on it – and the more vulnerable you are to cyber risks and threats.
Those risks range from ransomware and phishing to social engineering attacks – you can discover what these and other cybersecurity terms mean in this cyber glossary. It’s not just criminals who are threatening your business – the way your business operates and the technologies you use can also present cybersecurity vulnerabilities. It’s important to consider the following in terms of how your business operates:
Bring Your Own Device (BYOD) policy
Do you or your employees ever work on their personal devices – smartphones, tablets, or laptops – at home or in the office? If they do, it can seriously compromise your business’s security.
Personal devices are often used in insecure locations on insecure networks (in coffee shops or airports, for example). So, they are far more vulnerable to being hacked than business-only devices used on the business’s secure network. Also, when personal devices are used for non-business purposes, such as gaming, it is easy for an employee to unwittingly download malware. This then has access to attack the rest of your business network.
Working from home
Working from home and remote working are now part of everyday working life. But even though most small businesses are well used to the idea, their cybersecurity – and employees’ awareness of the risks – may not have caught up. So working away from the office can make even dedicated business devices more vulnerable to cyber threats.
For example, used at home, those devices may be shared with non-authorised people, such as family members who may access less than safe websites, introducing ransomware or viruses onto the machine. Legitimate business information and data may be accessed through unsafe networks – such as public wi-fi. And dangerous emails received out of the office may avoid spam filters or be opened inadvertently – compromising sensitive business information and exposing your business to risk.
Cloud applications
The cloud has been one of the biggest recent developments in business IT. However, it brings risks along with its rewards.
Although information stored in the cloud is generally secure, if attackers get hold of stolen credentials they can gain access and exploit the information however they want. Alternatively, they may gain access through insecure Application Programming Interfaces (where programs or devices are communicating with each other). The more sophisticated cyber criminals specifically target cloud environments and use public cloud services to operate cyber attacks.
And using the cloud may lull a business into a false sense of security that there is no need to back-up data. Yet if the data is permanently lost, it can be catastrophic.
What steps can you take to protect your business?
There are several relatively easy and inexpensive things you can do to address the vulnerabilities. Together, they could save your business.
Antivirus
Installing and monitoring antivirus on all devices to secure every point of entry.
Regular vulnerability scans
Regular scans ensure that antivirus, passwords, and any other software are up to date.
Email encryption
End-to-end encryption directly on user devices ensures information only ends up in the right hands.
Secure authentication
There are several ways to achieve this, but password policies and multi-factor authentication are some first steps.
Secure employees anytime, anywhere
Provide a VPN connection to remote workers to secure access to organisations data and applications.
Security awareness and training
Educate employees on practices that protect themselves and your organisation, such as recognising scams and creating strong passwords.
Enforceable processes and policies
Make sure everyone knows how to keep the business safe. Establish clear direction regarding what data needs protecting and how.
Backup and disaster recovery
It prevents you from losing sensitive and valuable data in case of accident or emergency.
As a minimum requirement, your business needs an antivirus, online and offline back-ups and network monitoring. Fortunately, your small business has the advantage of being able to act quickly to get cybersecurity in place. With specialised cybersecurity protection products, such as Norton Small Business, you can get comprehensive cybersecurity protection for your business’ devices and the passwords, customer data, and financial information you store on them.