Headline-grabbing security breaches are always the ones involving big names in business – Facebook, Equifax, Yahoo and suchlike. This could lead one to believe that hackers target only large corporations.
Nothing could be further from the truth. It’s only the big names that make the headlines. Your small business is just as likely to be the victim of a security attack with potentially devastating consequences.
Small businesses may not have the software and security that larger companies have. SMEs are also less well-capitalised and less well-equipped to ride out the costly aftermath of a data leak. The financial cost of remedial work is matched by the reputational damage to the business, and the combination can destroy a small business.
What Data Do Small Businesses Underestimate The Value Of?
Small businesses typically believe that, because they are small, hackers have no interest in them or their data. They do not realise what valuable data they possess. Criminals value details about employees, customers and suppliers as well as accounting information and even intellectual property including R&D data. There is a buyer for every type of data.
UK Government Free Advice
An excellent starting point for every business, both large and small, is the UK government’s Cyber Essentials initiative run by the National Cyber Security Centre (NCSC). That demonstrates how seriously the government takes the whole issue of security for businesses.
Another UK government resource is Cyber Aware which describes its aims as “…to drive behaviour change amongst small businesses and individuals, so that they adopt simple secure online behaviours to help protect themselves from cyber criminals.”
Top Tips That Don’t Cost A Fortune
Small businesses simply cannot afford the many skills and security roles that a larger corporation can, nor can they deploy expensive physical network infrastructure appliances. However, the most effective measures are quite basic and highly cost-effective.
- Institute a strong password policy – for example, three words that are not related but are easy to remember, such as coffeehooverEnders, including some upper-case letters as well.
- Deploy two-factor authentication – that means a combination of some information known only to the user, such as a password, along with a one-off piece of system-generated data that can be texted to the user’s phone to authenticate the login attempt.
- Keep software and apps up to date – this ensures that the latest security patches are always deployed to your devices.
- Train your workforce in security awareness and run frequent refreshers & updates – awareness is a massive part of security and critical for successfully deflecting phishing attacks and social engineering.
- Prioritise back-ups – ransomware locks you out of your data, so having a back-up means you can get back in business quickly.
Download Our FREE Secure Asset Disposal Guide
Disposing of IT devices represents a data security risk too, unless it is carried out professionally. It pays to be aware of the risks so you can defend your business against a security breach. Download our free guide The 6 Hidden Dangers of Non-ADISA Accredited IT Recycling and take the first steps today.