Cyber security should be a priority for every UK SME. All businesses, no matter how big or small, should be aware of how their business might be at risk from cyber attack.
Why is cyber security important?
Cyber security is all about protecting data and systems from unwanted attacks. It involves putting processes and technology in place to reduce your risk of falling victim to a cyber attack, as well as educating people on how to make smart choices about how they handle their data.
The internet is a brilliant tool for businesses, as it allows you to connect with customers, suppliers and employees right across the world. At just the touch of a button, you can send an invoice, spreadsheet or presentation to anyone at any time and receive a reply in seconds. You can sell your products or services online, write blogs to help inform your customers and begin to gather information on what they’re interested in. Embracing the internet allows businesses to move out of the traditional 9 to 5 at the office.
Business is day and night, it never sleeps. Now, your office can be wherever in the world you wish it to be at that moment in time.
However, for any company, protecting employee and client data must be a top priority. People have trusted you with their personal information and you have a duty to protect it to the best of your ability. Fail to do so, and you could risk being fined and suffer significant damage to your reputation. Don’t be fooled by all the cyber security myths that catch others out.
What do we mean by ‘data’?
When we talk to SMEs about their cyber security, we find that a lot of business owners don’t actually believe they hold any data. This might be because they don’t have a massive online database or complex computer systems. But data means so much more than that. It’s any information that you have about another person, item or company. Having someone’s mobile phone number saved to your contacts is holding data. Downloading someone’s CV onto your computer is holding data. Allowing your SatNav to remember an address is holding data. Every single day we process and interact with data without even thinking twice about it, especially within a business.
Why might your data be vulnerable?
Hackers have developed several different tricks for getting at people’s unsecured data. Here are just a few of the simple ways you might be leaving yourself vulnerable and open to attack.
Using Public WiFi- if you’re always on the move for work, travelling around the UK to meet clients and suppliers, you might be tempted to use public WiFi to make the most of your time on public transport or sitting in coffee shops. Whilst there’s nothing wrong with doing so, we recommend always checking that you are logged into a secure provider. Don’t assume that because a network is named ‘Costa Coffee’, that it is definitely the official Costa Coffee WiFi. Hackers will set up fake networks in order to obtain your username and password when you try to login. If possible, use Virtual Private Network (VPN) when out and about.
Using The Same Password- As cyber security experts, we go on and on about how important it is to regularly change your password, but it truly is that important! All too often, we see businesses who use the same password for all their accounts and systems. Once a hacker has managed to gain access to one, then can then more easily get into the others. It’s best to use a unique password for each different account. If you have trouble remembering lots of different passwords, we recommend that you make use of a secure online password storage service. In addition, you should make use of two-factor authentication wherever possible. This simply means that any email login is linked to a phone number. When you want to login, a code will be sent to your phone for confirmation, providing an additional layer of cyber security.
Ex-Employees Transferring Data- Every time an employee leaves your company, there is a risk that they will take sensitive information with them, such as client data. If the parting isn’t particularly amicable, the chances of them doing so increase. As they transfer the data to their own less secure personal devices, the vulnerability to cyber attack increases. If possible, limit an individual’s access to your systems as soon as they reveal their plans to leave. When they have actually have left the company, remember to close down all their accounts, including email, and remove them from any Slack or WhatsApp groups.
Clicking A Malicious Link- Phishing emails are some of the most common types of cyber attack. Hackers create emails or social media posts that appear to be from legitimate, reputable and trustworthy companies, such as a bank or insurance provider. Within these emails they include links to fake website pages or forms, also made to look authentic. On these pages, you are encouraged to input sensitive personal information. To improve their chances of success, some hackers will spend time looking you up on social media, finding information to make the email as personal as possible.
These are just a few ways in which hackers might find a vulnerability in your system. For more information on cyber attacks, click here.
How can you improve your cyber security?
When it comes to improving your business’ cyber security, you first need to know where you currently stand. That’s where Aura comes in. Our comprehensive assessment acts as a health check for your cyber security. We’ll complete extensive technical checks of your systems and software, and talk to you about how you use your technology on a day-to-day basis in the office. Once our assessment is complete, we’ll provide you with a clear and simple report that doesn’t use jargon or complicated technical terms. In it, we will outline what your next steps should be and what the key priorities are.
We’ll give you everything that you need to know to get your company’s cyber security back on track.
With everything fixed up and new processes in place, we’ll be proud to present you with a certification, highlighting that you’re a business to be trusted.
Two of the best ways to improve cyber security are providing employee training and ensuring that your system are kept up to date- more on those below! Another way to improve your cyber security is by ensuring that you are using the strongest passwords possible, that they are unique to each system and that they are changed on a regular basis. That is a policy that needs to be enforced across the business. If possible, enable two-factor authentication.
As a preventative measure, you should be consistently backing-up all your data. That way, you can vastly reduce the impact that any cyber attack has on your business. You can simply restore the data to your systems rather than redirecting vital resources to trying to recreate or recover it. In addition, the more familiar you are with the data you hold, the quicker you will be able to spot irregularities and you can decide whether or not to add additional levels of security to the most sensitive information.
What’s different about mobile cyber security?
Smartphones are amazing pieces of technology but they come with their own sets of vulnerabilities. For starters, a hacker is more easily able to physically get their hands on a mobile, either because they’ve stolen it or the owner has mislaid it. If the hacker is then able to get into the phone, they will have unhindered access to a number of other logins, including email and cloud storage.
Just like desktop computers and laptops, smartphones can be subject to cyber attacks. Malicious links tend to have the greatest success, as it is all too easy to click the wrong thing on a smaller mobile screen. For example, malicious pop-up ads frequently catch people out.
On the go, you might be tempted to access the internet using public WiFI on your phone, rather than eating into your data allowance. Try to avoid this temptation if you can.
Public WiFi is far less secure than your home or work networks and your information can be quickly intercepted, including logins and bank details.
Hackers may even try to steal your login information by tricking you into entering your details into what looks like a coffee shop or airport’s WiFi, but is actually a sophisticated fake. This is known as ‘network spoofing’. If you use the same password for multiple different accounts, the hacker may be able to gain access elsewhere. Wherever possible, double check with an employee that you are about to connect to the right network or stick to browsing sites that don’t require you to login.
Anti-virus software is available for smartphone, and we firmly believe that it is a worthwhile investment. As businesses move away from 9 to 5 office-based ways of working, it is more important than ever to take your mobile cyber security as seriously as your other devices.
Why is it important to educate people about cyber security?
You’re only as good as your weakest link. No matter how well-protected your digital systems are, cyber attacks will still remain a threat if someone in the business isn’t clued up on how to use them. One of the easiest ways for hackers to gain access to valuable information is by sending an email containing a malicious link to multiple individuals within the company. After all, it only takes one person to fall for a scam for the whole company to be affected.
Training employees so that they have a greater understanding of cyber security can be massively helpful when it comes to spotting suspect behaviour within the office. For example, someone might notice that a colleague seems to regularly download content to a USB or forward information to a personal email address. Both are indications that an employee is stealing data from the business, potentially in anticipation of leaving the company and moving elsewhere.
Rather than simply putting a new process in place and instructing everyone to follow it, we recommend taking the time to explain why you’ve done so. That way, you are far more likely to get employees onboard with your new way of doing things.
Training all your employees might seem excessive at the outset, but it can prove highly cost effective in the long run.
Should an untrained employee inadvertently open the doors to a cyber attack, you will need to divert resources towards dealing with the issue, including searching for a solution, checking what data has been compromised providing reassurance. Inevitably, productivity will be impacted.
Why is it important to update your cyber security?
Cyber security is changing every single day. We are always looking to stay one step ahead of the hackers, and that means developing new software and processes to give you greater protection. Once we’ve pointed out the flaws in your cyber security, we want to be able to provide you with the best solutions possible, as well as ongoing advice and cyber security tips.
We aren’t the only ones doing so. Any programmes, systems or applications that you make use of as a company, will periodically notify you that updates are available. Don’t ignore those pop-up notifications. If a technology provider has chosen to release a new security patch, it means that they believe there is a vulnerability within their previous system. If they’re aware, there is a good chance the hackers are too. Make sure you complete every update to reduce your risk of exposure.
Reveal your business cyber security status and take back control today. Our cyber security tool will indicate how much of a threat you face, highlighting weaknesses and areas of potential risk, within both your own business and your wider supply chain.