Cyber security is an incredibly dry yet scary subject. You will read about scary statistics and threatening names such as; malware, antivirus, ransomware etc – along with news articles about the latest cyber attacks, you may wonder how your business will survive.
Working out what is true and what applies to your business can be a minefield. In this blog, we will shed some light on how to decide on how much security your business actually needs to keep it safe, taking into account the size and nature of your business.
Are small-medium businesses at risk of being hacked?
The simple answer is YES. It can be easy to assume hackers would want to target bigger organisations that have more data and money to steal, but those organisations would have put cyber security measures in place to prevent an attack. Therefore, it’s easier to breach smaller systems that aren’t secure.
What percentage of Cyber Attacks target small businesses?
43% of cyber attacks target small business and around 65,000 attempts to hack small- to medium-sized businesses occur in the UK every day.
No one wants to become a statistic, with this in mind, it’s important you have some protection for your business.
Think of it like this. Two houses are exactly the same, however; one has a burglar alarm, CCTV, locks on the windows and doors. The other house has none of the security features and the doors are open and no one’s home. From a criminal’s perspective, they are going to go for the easy option. Your cyber security is very similar, you want the criminals to not think of you as an easy target and have all the protection you need in place.
How can I protect my business from cyber attacks?
In order to protect your business, think of cyber security as a number of layers. The more layers you have, the more protected you’re going to be. It’s very cliché but think of it like an onion, as you peel each layer back there is a protective element followed by another and another.
Basic protection for Cyber Security
Knowing what level of security your business needs, especially if you are a smaller business with a smaller budget, can be difficult. It’s important to do your research but make sure you have at least something in place. The following are the most basic cyber security protection methods you can put in place to prevent a cyber attack, all businesses should have these…
Antivirus and Anti-malware
As a minimum, the most basic level of cyber security, you will want to have an antivirus program in place. If you are not aware of their function, these are designed to detect and remove viruses and other kinds of nasty software. Every device, whether that’s your work laptop or personal tablet, must contain some form of antivirus. Most people have heard of the big names, such as Norton and McAfee, there are many different products to choose from, you just have to decide what works for your budget.
Have you heard of Cyber Essentials? This is a government scheme to help protect your organisation, no matter the size. It’s a certification to show that as a business you take security seriously and will keep your client data safe. Think of it like a security MOT.
In order to be certified, you’ll need to have the right security policies and defences in place to give your business a level of security to prevent a cyber attack. Read more about Cyber Essentials in our blog “What is Cyber Essentials?“.
Once you sign up for this product you will get verified with a Cyber Essentials certification and receive cyber insurance of £25,000 – so not only is your business protected, but if something does still manage to breach your data, you will be able to claim to help support your business.
(Did you know 51% of people use the same passwords for both work and personal accounts).
Are you one of those people, who uses the same password to log into multiple accounts? If so, this is not safe or recommended, it puts all your accounts at risk of being hacked. If one account gets hacked, they all get hacked! Resulting in both business and personal data loss.
A Password Manager makes it possible to create unbreakable passwords and have them at your fingertips without needing to remember them. All passwords will be stored in an encrypted vault which only you can access.
This is a cutting-edge tool that ensures the user is who they say they are – by requiring that they provide at least two pieces of evidence to prove their identity. It adds an extra layer of protection, preventing the relentless cyber criminals from accessing data.
You may have already set this up on personal applications you use, such as online banking or your social media account – when you log in, it sends you a code via text message or email and you then put that code in so you can verify it’s you and access your bank account. Read more about MFA in our blog we wrote “What is Multi Factor Authentication?“.
Cyber Security training is simple yet effective. The most shocking fact is, your employees are the biggest security threat in your business. Think about the confidential information they have access to every day. All it takes is just one click of an email to unleash malware, which will not just be on that PC, it can extend to the whole network.
It’s therefore essential to armor you and employees with knowledge to spot a cyber-attack. Not only will it enhance and solidify the level of protection for your business data, but it’ll give you the reassurance that everyone is prepared for an imminent attack. If this has peaked your interest, you can read more about Cyber Security Training here.
If the unthinkable happens and a criminal does breach your network, have you ever thought about how you might be able to get your data back? Often the cyber criminal will keep this data, use it as ransom and ask for an amount of money for you to get it back in return – this is the dreaded Ransomware. There is no guarantee that you will get back your data, sometimes the criminals will take your money, data, and run with it.
If this was to occur and you had a backup, half of your issue would already be fixed because you can just use the backup to access the data and then get back to work like normal (after making sure the criminal is out of the system and further security measure have been put in place of course).
Did you know that Microsoft Office 365 doesn’t backup any of your data? It’s definitely worth looking into whether your data is currently backed up. Even something like a system crash or hard drive failure could lead to you losing all you data and unable to get it back. Backing up your data is no joke, learn more about why it’s important here.
Advanced level protection
The deeper we get into the layers of that onion, the stronger and more pungent it’ll get. This is similar to the deeper layers of cyber security protection, as we get deeper, the more protected and secure the business will be.
There are more advanced security products that you can have for your business, which is more applicable for businesses that deal with very serious information that could cause catastrophic implications if broken into. An example of this is:
Security operations center
Sentinel One is a behavioural based system, that learns how you as a business (as well as the individuals within that business) work on a daily basis.
It monitors activity on your computer so that any out of the ordinary behaviour is detected, which is then flagged to your system administrators.
In the meantime, the devices will self-defend and heal themselves, and rollback. This means that the device is then restored back to a point before the abnormal behaviour was detected, meaning you can continue as if the attack had never taken place.
SOC (Security Operations Centre)
The Security Operations Centre, or SOC, is a group of security professionals in an Operation Centre that respond to any threats found on your system (PC/laptop).
Once Sentinel One has detected an issue, it will be flagged to SOC. They will isolate your device from the network whilst they investigate and remediate it.
The SOC professionals will remediate threats, whether this is rolling the device back to a previous state before the threat was identified or isolating the device so that other machines remain unaffected whilst a replacement unit is sourced.
Cyber Security can be an incredibly uninteresting subject to investigate, but it’s essential for the safety of your business. Do you have more understanding of what level of security your business needs? Contact your local cyber security company provider and see how they can help you.
As an IT services provider who takes Cyber Security very seriously, contact us and we’d love to assist you – call 01273 806211 or email [email protected]