There’s a common assumption that big businesses are the primary target of cyber attacks. In reality, small to medium sized businesses are just as likely to be attacked, if not more so.
Threat actors may assume that smaller companies lack proper cyber defences, and unfortunately, they are often correct.
Recent statistics reveal some troubling figures and paint a rather worrying picture of the state of cyber security in the United Kingdom. A Hiscox study from 2018, for example, detailed how a small business is attacked every 19 seconds. The report also indicates around 65,000 cyber attacks each day.
In 2020, the threat level has not decreased. On the contrary, hackers and would-be cyber criminals are using the ongoing COVID-19 crisis to profiteer from panic and confusion. One example is the convincing HMRC VAT deferral scam uncovered by accountancy specialists.
Other statistics show that small businesses frequently have no dedicated cyber security staff or carry out regular cyber security assessments, despite the clear risk.
Falling victim to a cyber threat is an expensive endeavour, the aforementioned Hiscox report showed that the average cost of an attack runs at £25,700 in clean-up costs. That does not account for the loss of reputation and accompanying revenue loss as clients take their business elsewhere.
Many small businesses simply cannot afford to be attacked, and if they are hit, many will not survive.
Staying secure in an increasingly dynamic threat landscape is a matter of both good digital hygiene and using the right security tools for the job. Below we go over some actionable and affordable ways for companies to up the cyber security ante.
Securing Businesses in 2020 and Beyond: Top Tips for Companies
Generate a culture of cyber security
One commonly exploited factor in cyber attacks is human foible. Companies can take steps to mitigate the risk by establishing a strong cyber security culture. Whether a company has a team of 20 or 200, it’s important that all staff members know that cyber security is their personal responsibility as much as it is the company’s mantle to bear.
Regular training sessions teach employees about common threats and attack vectors, such as email phishing. In addition to training, businesses should have employee-level cyber security strategies outlined and accessible to all staff members. These should be updated if any systems change.
Hire consultants
Because small businesses often lack the budget for a dedicated Chief Information Security Officer (CISO), security consultants should be hired when needed to ensure the company’s systems are as secure as possible.
The initial outlay for consultancy services may seem high, but it pales in comparison to the cost of a data breach or ransomware attack. Once again, if there are adjustments to systems or procedures, companies should hire an expert to ensure their security strategies encompass any changes.
Use security software
Small companies are targeted because threat actors assume they lack good cyber security. To mitigate the risk, it pays to invest in solid security software. In addition to antivirus programs, small businesses also need the following on all company devices:
- Antimalware to cover modern threats such as so-called “drive-by” malware
- Enterprise-level firewall
- DNS protection
- Cloud encryption
Secure Internet of Things devices
The advent of Internet of Things (IoT) technology brings with it an additional measure of convenience in offices and homes across the world. But because IoT involves multiple devices in an interconnected network, the number of potential attack vectors is also increased.
Businesses can secure their office networks by using a VPN on their routers. These devices confer all the benefits of VPN security (encryption and a private network) and cover all devices connected to the router, not just a single device as when using a VPN app.
Backup data daily
Back up any important data in secure offline storage on a daily basis. If the company is using cloud storage, it should ensure it uses a provider that has strong cyber security credentials.
Cyber insurance
A cyber insurance policy is a matter of hoping for the best and planning for the worst. It’s an essential layer of protection for any company that handles sensitive data needs. Good policies cover all risks of cyber attacks including data breaches, website hacks, and scams.
Keep software and operating systems updated
Both software and operating system (OS) manufacturers release updates to patch any vulnerabilities found in their programs. Failing to update either applications or OSs can result in unnecessary holes in a company’s cyber defences.