Cyber-security: Simple steps that can save your small business from ruin
Anne Tasker is founder and managing director of Zenzero Solutions, a leading business IT solutions provider based in Warwick. A former software engineer, Anne set up the company in 2004 to provide SMEs with all areas of IT expertise.
Sixteen years later, one of the biggest challenge facing small businesses is cybercrime. This challenge, says Anne, is one that SMEs cannot afford to ignore.
We all know that cybercrime is on the increase, costing the UK millions of pounds, wasting time and threatening reputations. But when you are running your own business and all that goes with that, the idea of having yet another issue to deal with, i.e. cybercrime, can feel overwhelming or instil an attitude of “it will never happen to me”.
But there are relatively simple things you can do to protect your business.
As a managed IT provider set up to support businesses, charities and other organisations here are some simple steps we suggest you take as a starting point - and the good news most of these will not cost you a penny.
Leavers and Joiners
You will have a process in place for when people join your organisation so they can get on with the job as soon as possible. But does that process consider access? How much data, e.g. accounts, customer information, suppliers or sales files is relevant to their work? More importantly what system do you have in place for when someone leaves? A tech savvy individual can put a redirect on their emails to an external account before they leave which means they can still see what is going on in your company. Not a good idea – especially if they have gone to a competitor.
Passwords, passwords, passwords
This is where you can become vulnerable. Not just because staff use their dog’s name, favourite football team or even passw0rd123. This is when they use a password similar to their work password on an external website. For example, you ask them to order flowers for a sick colleague with the company credit card. The flower shop’s ecommerce site wants a password. They use their work emails and a password similar – not the same – to the one for work but maybe change the O to a zero - 0. The flower shop’s website is hacked and it doesn’t take a genius to then get into your system too.
Updates
How many times have people said to you they are too busy to update their software? Yes, it may mean a reboot but the updates are not there just to add a new widget to your computer. Microsoft engineers are finding and fixing software vulnerabilities every day and it is these vulnerabilities the hackers are looking to exploit. Updates help prevent that from happening.
Phishing
Phishing emails are an attempt to steal your password, video you, redirect your emails and even add a virus to your computer which will only be removed if you pay a ransom – known as ransomware.
These emails look genuine which is why it is so tempting to open them. But never give away information without checking first that they are real. A quick phone call to a colleague who supposedly is asking you to redirect an invoice will save a lot of pain and your company’s reputation in the long run. Windows 10 includes a decent anti-virus which will stop most of this malware, but human error plays a major part in mistakes.
Multi-Factor Authentication
Banks have now begun to do this with transactions and not just those which appear to be larger than normal. So instead of just accepting your transfer of money they will text you a code – Amazon can do the same – to check you are who you say you are. This multi-factor authentication means even if someone has logged in, pretending to be you, they will need the code to take it any further. Hackers like an easy life so if you have MFA they will generally walk away at that point.
And finally...
One of the best things you can do for your business or organisation is to go through the process to gain a Cyber Essentials Certificate. It is a UK government-backed and nationally recognised certification for protecting client data from misuse and cyber-attacks.
It is something we offer to clients and non-clients and shows best practice in the way you hold and use valuable and sensitive information. Most government tenders will not consider organisations which don’t have the certification nowadays, so it is good for business as well as your own piece of mind.