With the start of the new year, what can SMEs do to improve their cyber security?
Have you considered whether your small business is at risk of being hacked? According to a poll on Manta, a frightening 87% of small business owners don't think so. However, there might be more at stake here than you realize. Approximately half of SMEs experience a cyber attack of some form, and this is because SMEs have a moderate amount of data with minimal security. Hackers are drawn to small businesses for this reason, so they can use stolen data to benefit themselves. Your business is most at risk when it is unprepared.
Sam Nixon, Product Owner from Decoded, states: “You can’t afford ignorance at this point.” Cyber attacks can have a material impact on your business, so it is important to take the decision to be prepared.
Implement these 5 resolutions in your workplace for a more cyber secure 2018.
1. Have a security policy and educate people
Awareness is the key to being best prepared, and therefore you should be providing relevant training for all of your employees. Always plan ahead and be wary of times the company might be more vulnerable. For example, bank holiday weekends can be a common time for hackers to attack due to fewer people being in the office. Work with your tech team to figure out a system so you know when you’ve been breached. Make sure you not only prep your tech department but also the comms team. They will be the people communicating the situation to your customers, so they need to know how best they will deliver that information.
Technical solutions are important, but having an overarching cyber security policy is crucial. Make sure you and your employees know what this policy is inside out. Having a procedure in writing will allow you to have steps to follow to keep in control of situations as they evolve.
Make sure your employees are familiarized with the types of language used. Circulate the information and have a short doc for introducing these new policies and services which everyone in the company has access to. Stipulate these expectations in the contract when hiring new people. When it comes to hiring freelancers make sure they’re also familiar with secure working practices.
2. Change passwords once or twice a year
You don’t need to be changing passwords every month. This is impractical and will inevitably lead to falling into bad patterns. 90% of companies will use their company name and a number. Carry out a password hacking exercise: if you can crack your colleagues’ passwords then someone else will also be able to. This may be an eye-opening exercise towards understanding your own points of weakness.
3. Do a drill twice a year
Just the same as you would do a fire drill, have a drill for if you were to experience a cyberattack.
What are the operations of your different departments when a crisis happens? Simulating a breach can be a really effective way to prepare.
Do you know how you would handle a breach? There can be various types of breaches. Try running some different scenarios, whether it be losing control of a particular system, malware viruses or a swatting attack.
Do your employees know how to spot a phishing email? Similarly to guessing your colleagues’ passwords, go one step further and try hacking your colleagues’ accounts. Nixon suggests companies try phishing their own staff as a test.
4. Embrace workplace cultural shifts appropriately
In the last few years, there has been a paradigm shift in the way we approach issues of security. Locking up physical objects is dead - data is now a more valuable asset to get a hold of and there are various backdoor routes to getting access.
As workplaces become more and more decentralized with a growing remote workforce, companies are now having to secure people all over the place. With this cultural shift, the lines are becoming increasingly blurred between personal and work habits. Poor cyber security practices in our personal life could easily slip into the workplace.
Make sure you are implementing adequate security related to mobility. Having a behavioral focus on improving security is key. Are you reviewing the behavioral patterns of your remote workforce? Is the Wi-Fi location secure and is its access limited? Send regular updates to your team and make sure they are backing up appropriately. Two-factor authentication is an easy way to add another layer of security to your account sign-in process.
5. Honesty is the best policy
We spoke to Rowan Davies, Head of Policy and Campaigns from Mumsnet, who experienced a spate of cyber and ‘swatting’ attacks in 2016. She reassured us that “we all have terrible security habits” and went on to say “don’t be ashamed and admit vulnerability - this isn’t about people being stupid; it’s about recognizing the risks.” Creating a more inclusive and open work environment where people feel comfortable to voice concerns and admit to mistakes over cyber security is the best thing a company can do.
Claiming you have more knowledge than you do is dangerous. These situations can develop and if users realize that you are less in control than you’ve communicated, then it will lead to them losing trust in the company. Transparency and an open culture are more valuable to you. Create an environment where employees can feel comfortable to report that they might have clicked on a phishing link.
By implementing these 5 cybersecurity basics, you can prepare your business for cyberattacks. Building up your SME’s cyber security is vital to its survival. As Sam Nixon puts it: “Cyber Security is the core of business.”