High-profile data breaches at large corporations like Yahoo, Equifax, Target and Sony Pictures have hit the headlines in recent months.
But small businesses are also exposed to cyber attacks.
Increasingly sophisticated ransomware attacks, phishing scams and the hacking of sensitive information can affect any business, regardless of size, potentially resulting in costly customer lawsuits, government fines, IT repair bills and bad publicity.
Ransomware is malicious software that takes over a computer or system and encrypts data so that it cannot be accessed, with the hacker demanding money to decrypt and restore access to the data.
Phishing is an email, phone call or text message that purports to be from a legitimate source in order to trick the recipient into handing over sensitive data such as personally identifiable information, banking or credit card details, or passwords.
The need for improved cyber security has only been heightened by the European Union’s General Data Protection Regulation, which came into force in May.
The requirement for businesses to be Cyber Essentials accredited for Government contracts and some private sector tenders has further added to the pressure on firms to conform.

Cyber exposure

According to the Government’s 2017 Cyber Security Breaches Survey, 45% of small businesses identified a cyber security breach in the previous 12 months.
Another recent survey of 200 small business owners by business support specialists The Alternative Board found that only five percent of CEOs said their companies were fully secure against cyber attacks.
More than half of respondents reported being attacked by cyber criminals, but fewer than half had measures in place to protect their business against them.
Furthermore, 11% of CEOs said that their firms would become unprofitable in less than a week after a cyber attack.
Despite many companies investing heavily in anti-virus software, hackers still find ways of getting around it.
One of the most popular methods is the file-less malware attack, which launches valid applications and uses them to manipulate external systems, gather data or even use your systems to launch a broader attack on a larger organisation.
Even if you have the best security defences, there’s also no accounting for human behaviour and staff being duped by bogus emails or messages.
So what can you do to protect your business against cyber attacks?

Mitigation techniques

Here’s a list of the steps you can take to future-proof your company:

  • Review your IT security practices and update them regularly
  • Call in an expert to audit and evaluate your security procedures and provide recommendations
  • Train your employees in cyber best practice and ensure they understand your policy on IT security
  • Keep your software regularly updated
  • Back up important information online with a program that enables you to see different versions of your files
  • Protect your devices with a commercial grade cloud-based security software or firewall that updates every few minutes, requires no user input and reports on potential network threats
  • Password protect all of your devices
  • Use strong passwords and two-factor authentication (password and PIN)
  • Never leave laptops, phones or tablets unattended or in vehicles
  • Think carefully before sharing information and only provide sensitive data over encrypted websites with https in the URL; encrypt data on wireless networks by using WPA2
  • Adopt payment card best practices
  • Use virtual private networks on unsecured airport or hotel WiFi networks

Layered approach

A layered approach is the best way to tackle cyber attacks, to cover any cracks.
By using anti-virus software on your computers you can identify and filter out any ransomware attack sent by email.
You can also use it to block any viruses that lurk on websites that your employees visit.
Only give employees access to data on a need-to-know basis, encrypt devices that hold sensitive data in case they are lost or stolen, and block access when an employee's contract is terminated.
Staff should also be taught to never download files or open emails from unknown sources.
If they are unsure they can escalate it or consult an external cyber security expert.
You can follow this up by testing them through sending out fake phishing emails.
Finally, have a disaster recovery plan in place in the event of a cyber attack that shuts down your entire system or causes major disruption.

Are you fully protected against cyber attacks or do you need help with your IT security? Give me a call on 07775 601969, email me on info@pathfinderpm.co.uk or visit www.pathfinderpm.co.uk