Cybersecurity is a hot topic. With high profile breaches making headlines on almost a monthly basis, combined with a far more restrictive regulatory environment, the need to responsibly protect your customers’ data has never been felt more keenly.
It is estimated that a business is subjected to a ransomware attack every 14 seconds, predicted to drop to eleven seconds by 2021. The fallout from cybercrime will cost the world more than six trillion dollars a year, and the average cost to a business of a successful cybercrime attack has increased by 71 percent since 2017.
Prioritising cybersecurity boosts business. 71 percent of customers have stated they would cease doing business with a company that suffered a breach. Not surprising when a single breach in 2019 lead to the exposure of 1.16 billion email addresses and passwords.
With small businesses making up 43 percent of cybercrime attacks, they have the most to lose at a time when they need to be focussed on growth. How then can you help build your business by putting cybersecurity at the fore?
This may sound like a no-brainer, but you may be surprised to learn that only 20 per cent of UK businesses have staff take part in cybersecurity training. They are your first line of defence against cybersecurity threats and are also the ones most likely to unwittingly help facilitate a breach. 78 per cent of employees are aware of the risks of suspicious email links but still click on them.
Thankfully, as a small business, you are unlikely to have a massive workforce, so arranging regular training shouldn’t be too much of a challenge. But arrange it you should. Security risks are reduced by 70 per cent when organisations invest in cybersecurity training.
Important topics to cover include how to create a strong password (an alarming number of people still use phrases such as “123456” and “password” to login), the dangers of clicking on links contained within emails, how to identify phishing attempts, the risks associated with public WiFi. Training should be supported with regular updates informing staff of the latest threats and protocols.
#2 Establish Policy
Even for a small business, it’s a great idea to have an official cybersecurity policy. A formal document distributed to all existing staff members and used during the onboarding process will help to make sure all employees are on the same page when it comes to what you expect from them. The policy should include points such as:
- Appropriate use of work email and internet use
- Use of work issued mobile devices and personal devices at work
- Remote access policy
- The use of portable media such as USB storage devices
- The company and staff’s responsibility regarding sensitive data
- Reporting procedures in the event of an issue or breach
You may think as a small business you don’t need a formal written down policy, however by doing so, you and your people will know exactly what to do with no scope for misunderstanding or assumption.
#3 Access Limitation
It’s not only external forces which pose a threat to your business, with many breaches being facilitated by internal agents. Blackmail or malicious intent can potentially both lead one of your own staff to help criminals access your data.
The best way to protect against this is to make sure access to hardware and software is limited to only those staff members who need it to perform their role. While it may be tempting to give blanket access in the name of convenience, it’s simply not necessary or wise to do so.
By keeping the list of people with access to sensitive systems small, you reduce the chances of bad actors being able to complete their mission and, should something untoward occur, the number of employees under suspicion will be thankfully diminished.
If a cyberattack or other IT related issue results in the loss of data, the consequences for your business can be devastating. The recovery of such data – if recovery is even possible – can take weeks and cost your brands thousands in lost productivity and revenue.
Backing up all your data regularly won’t undo the damage a cybersecurity breach does to your business or reputation. However, it will enable your company to recover from the breach far more quickly by allowing your IT systems to return to a pre-breach state in far less time.
Including backup procedures and schedules could be another point to include in your official cybersecurity policy.
There are four great tips for how to apply cybersecurity to your small business. With your defences shored up, the chances of your upward trajectory being disrupted by a cybersecurity breach will be significantly reduced – keeping your business growing into the successful and profitable brand you want it to be.