How you can safeguard your business from cybercrime

Damage caused by cybercriminals can be devastating for an SME and, in 2016, as the criminals become more and more sophisticated, there is no room for complacency - the threat of such an attack is very real.

Here, Warwickshire Trading Standards outline the measures which SMEs can take to help stay secure from cyber-attacks.

According to a recent report by The Centre for Economics and Business Research, cybercrime could be costing British businesses a massive £34 billion a year.

The number and severity of attacks on small and medium-sized businesses continues to rise as cybercriminals use a variety of means to penetrate IT systems. Weak security systems and a lack of staff training, awareness or vigilance can all contribute to a company falling victim to cyber-attacks.

The consequences for an SME can be devastating. Websites can be crippled, customer data stolen or destroyed and consumer confidence in the business wrecked.

Warwickshire Trading Standards (supported by funding from the Police and Crime Commissioner) has been working with Warwickshire SMEs to help them negate the cybercrime threat. The service has already run two ‘Phish and Chips’ cybercrime prevention seminars for small and medium-sized Warwickshire businesses in Warwick and Nuneaton. Another event is planned for Spring 2016 in the Stratford-upon-Avon area.

Businesses which attend the seminars receive an overview of the dangers posed by cybercriminals with advice from industry experts on the practical measures they could take to protect their IT systems and train their staff. Successful cybercrime attacks don’t always result from the activities of hackers exploiting weaknesses in business software - untrained staff downloading a virus hidden in an innocuous email can easily open the business up to a cyber-breach.

At the seminars businesses are also treated to a ‘live hack’ by experts using tools readily available on the internet to gain access to the website of an audience member.

To register your interest for Phish and Chips Stratford, please phone Warwickshire Trading Standards on 01926 414016 (9am to 5pm Monday to Friday) or email tradingstandards@warwickshire.gov.uk, marking your email ‘Phish and Chips’.

Warwickshire Trading Standards has also produced and distributed a top ten tips to avoid cybercrime and has encouraged businesses to become ‘Cyber Essentials’ Certified. ‘Cyber Essentials’ is a Government-backed and industry supported scheme to help organisations protect themselves against common cyber-attacks.

Cyber Awareness information for business was also circulated to all Warwickshire Businesses via Business Rates invoices.

Follow our ten tips and make a start toward protecting your business from online fraudsters.

1. Ensure the computers you use have a firewall that is turned on and anti-virus software that is up to date. Businesses may wish to consider using software designed specifically for business, as opposed to that commonly used by consumers. Secure your wireless network.
2. Keep all your software up to date. When companies find vulnerabilities in their software, updates are used to patch these security holes. Keeping the software running on your computers up to date will help you to protect yourself from malware.
3. Back up all your data so it can be easily restored if something goes wrong.
4. Use strong passwords. All passwords should be at least eight characters long and should incorporate both letters and numbers. Use different passwords for each account, and change them regularly. Do not share passwords or write them down where other people could access them.
5. Limit staff access to online accounts to only those who really need it.
6. Train your staff. Many frauds happen because staff fall victim to phishing and similar scams, allowing fraudsters to download malware on to a business’s computers. Malware can then automatically capture passwords and credit card numbers. Have clear and concise procedures for email, internet and mobile devices. Staff should also be kept up to date on the latest scams.
7. Security test your business website on a regular basis.
8. Ensure your business has a contingency plan if it falls victim to cybercrime and test these regularly.
9. Keep your business computing and personal computing separate. Do not allow your staff to use using your business computers for personal use, for example accessing social media websites, checking personal emails or surfing the web. We are all likely to be less vigilant when using computers for personal use, increasing the threat of a successful cyber-attack.
10. If you are using cloud services to carry out your business, check the provider’s credentials and the contract you have with them.

There is further advice and information on the Internet.

• Sign up to our weekly scams bulletin: warwickshire.gov.uk/scams
• More cybercrime advice is available: getsafeonline.org/businesses
• Report cybercrime to Action Fraud: actionfraud.police.uk
• Legal advice for business:businesscompanion.info
• Cyber Essentials: gov.uk/government/publications/cyber-essentials-scheme-overview