Cyber-crime is a real risk to business and something we have blogged about numerous times as we consider it an issue that businesses of all sizes must take seriously.
British Airways recent cyber-attack which saw hackers harvest details of over half a million of their customers is just another high-profile example of how cyber criminals are targeting businesses and stealing data. British Airways is also facing a fine of more than £183million for the data breach as a result of more stringent data protection regulation under the GDPR.
As an SME, whilst a cyber-attack may occur on a smaller scale than the one British Airways suffered, the effects on your business can still be significant – data breaches, reputational damage and financial fines are just some of the consequences. Whilst you can’t totally eradicate the risk of cyber-crime there are steps you can take to help prevent the likelihood of your business falling victim to a cyber attack
Be aware of the types of cyber threat you could face
To stay ahead your business first needs to acknowledge that cyber-crime is a risk to your business. Whilst high profile attacks like the British Airways example reach the news, cybercrime is also prevalent for SME’s. 2018 government figures suggest that almost half of small businesses suffered a cyber-attack in the past year.
Likewise, the types of cyber-attack being used are constantly changing so having someone in your business who keeps up to date with the type of attack you could be facing is worth considering. Our recent blog looks at the types of cyber threat you may face in 2019.
Don’t neglect simple security
Whilst it may seem simple and something which people always talk about it is so important to think about passwords:
– Use strong passwords which aren’t easy to guess
– Update default passwords set by manufacturers
– Don’t encourage staff to share passwords
– Consider two factor authentication
Train your employees in cyber and data security
Many cyber-attack strategies target the fact that human error occurs – clicking a link on a phishing email, providing details to someone posing as an employee, through to not securing data sufficiently.
Staff training has never been more important. Staff need to be aware of what a potential phishing email may look like for example. Your culture needs to encourage people to speak up and question things that don’t seem quite right. Likewise, make sure your employees understand that it is everyone’s responsibility, not just the IT departments.
The importance of software updates and anti-virus
Your software selection and maintenance will play a big role in your cyber security:
– Have an anti-virus system in place which can detect and protect you against malware
– You may need to consider an anti-virus set up for tablets and smartphones used in your business
– Make any updates released for the software that you do have in place. Software developers are often releasing updates to increase the security of software or solve issues which have been identified.
– When it comes to apps, make sure updates are also made and only download from approved stores such as the Apple Store or Google Play.
– Limit use of USB sticks and memory cards as they can be a common method used to spread malware.
At Anthony Jones we advise all of our clients to look at their business insurance and ensure that all of their potential business risks are covered. Cyber insurance is one element of that which is becoming more talked about and accessible. We can work with you to help you understand the types of risk your business may face and identify whether it may be beneficial for you to have cyber insurance as a part of your business insurance.