When most of us think of businesses being targeted by hackers, we mostly think of massive corporations like Sony and Apple being targeted. But what’s covered in the news isn’t always reflective of reality. In this case, the reality is that the majority of businesses targeted in this way are small ones.
According to the UK government’s Cyber Security Breaches Survey 2020, nearly half (46%) of all business had identified breaches over the previous twelve months. The proportion, to be sure, is higher in large firms than small ones (75% to 62%). But given that smaller firms are more numerous, and less capable of identifying when a breach does occur, it’s fair to say that cybercrime costs small businesses in the UK billions each year.
Hackers, like burglars, are mostly interested in low-hanging fruit. They won’t target businesses that take IT security seriously, as they know that there are superior rewards to be gleaned from going after those which don’t. So how can businesses guard against the threat?
Virtual Private Networks (VPN)
The arrival of the novel coronavirus prompted a surge in working-from-home practices for businesses across the country. This presents an opportunity for third parties looking to intercept data being sent across the internet. A VPN helps to guard against this by creating a secure and encrypted connection.
Frequent, automated backups help to maintain data security. Ideally, these backups should be stored offsite – this way, they can’t be destroyed by a fire, flood or other disasters. Backups also help to protect against ransomware attacks, wherein an attacker will steal data and then demand payment for its safe return.
If you’re using cloud-based infrastructure, then you’ll need to choose services with a track record of taking security seriously. Trustworthy platforms will put in place multiple safeguards, which are enormously helpful when you’re accessing data remotely. Ideally, look for services that are accessible only using two-factor authentication.
If your company is dealing with thousands of transactions every second, then it might be impractical to determine which ones are fraudulent are which aren’t. This is an area in which AI can help – fraud detection using machine learning can help to root out suspicious transactions without adding to your wage bill.
If your staff aren’t adequately trained in how to guard against cybercrime, then no amount of technological tools is going to help you. A majority of successful cyberattacks come about not through direct hacking, but through employee naivety. There’s only one remedy here, and that’s training: employees should be made aware of the shape of the threat, and of where the most common points of failure are to be found.
Phishing schemes are a growing threat; as they become more sophisticated, employees become more likely to fall for them. With just a few hours of training and case studies, you could potentially save your company from an expensive data breach.
The passwords that we come up with on our own tend to be either weak but easy to remember, or strong but difficult to remember. Many staff members might resort to using a duplicate of a password that they already use, but this can represent a security breach. A password manager provides a remedy – it’ll compose and remember secure passwords on your employees’ behalf securely.
Keeping everything updated
Antivirus software is constantly evolving in order to contend with the evolving threat posed by malware. Specifically, it keeps a list of definitions – fragments of code recognized to be malicious. When these fragments are identified, the associated files are blocked and quarantined, protecting the rest of your system. But this can only happen when the antivirus is kept updated regularly.
The same applies to the rest of your software and special consideration should be given to your operating system. Microsoft issues major updates for Windows twice yearly, and minor updates nearly constantly. Make sure that all internal systems are updated regularly, and reinforce the importance of software updates to your staff, too.
Worry about physical threats
Cyber attacks don’t just come down an ethernet cable. They can also be introduced using physical devices, like USB drives and optical disks. Much of the time, the person carrying the storage drive might not even be aware of what they’re carrying. For this reason, it’s important to form a security policy when it comes to ‘Bring-Your-Own-Device’, especially if contractors are frequently coming onto your premises.
Even the best-protected companies will often find themselves falling victim to an attack, as cyberattacks evolve. What’s important is that you’re able to recover quickly, and you’ll only be able to do this if you have a well-defined plan for communicating and escalating a potential emergency. Remember that as the attacks evolve, best practices for tackling the threats will too. What’s important is that you pay attention to the changes, and adapt your company processes accordingly.
Interesting Related Article: “Top 5 Advantages of Cloud Hosting“