Securing Your SME in an Online World

Image

On average, UK businesses lose around £30 billion every year as a result of cyber crime. Unfortunately, the risks are only getting greater and more prominent. Now is the time for you to act. Here are four vital tips for securing your SME in an online world.

Identify All Threats

“Cyber Risk Reviews must consider your IT in your facilities such as AirCon, Lifts, Doors, Alarms & CCTV, not just networks.” – Cevn Vibert, Industrial Cyber Security Advisory Director at Vibert Solutions

How secure are you systems? A cyber security audit is a good place to start. Explore all threats to your business, both internal and external. It’s important to keep up-to-date with the latest cyber threats; this will help you mitigate risks before becoming a victim. Scrutinize your company’s current procedures and ask yourself some important questions:

• Is your data regularly backed up?
• Are your devices protected?
• Is your network protected from malware and viruses?
• Do your employees know how to handle phishing attacks?
• How effective is your password policy?
• Do your employees implement your security policy effectively?

Make Cyber Security a Business Priority

“Don’t wait for an incident to occur, act now to protect the network and assets within it. Failure to do so can have significant impacts financially and impact the reputation of an organisation to a degree which they may not recover from.” – Dan Driver, Head of Perception at Chemring Technology Solutions

Once the risk assessment stage is complete, it’s time to build a business cyber security policy. Don’t underestimate the importance of communicating this effectively to your staff, contractors and supply chain. Here are a few areas that should be covered in your risk management policy:

• Data shared with third parties should be protected from unauthorised access, modification or deletion
• Suppliers and contractors should not introduce unmanaged vulnerabilities to the network
• Outline all threats identified to employees
• Explain how employees can mitigate risks
• Provide necessary networks and technology for your security needs
• Raise awareness company-wide of the importance of cyber security
• Train staff and maintain a security-conscious culture

Leveraging Existing Schemes

“The most important stuff isn’t complex. Getting the basics right with Cyber Essentials can greatly reduce the threats.” – Richard Bach, Co-Founder and Director at XQ Cyber

If you’re clued up on the best practices for securing your business, there’s plenty of help out there. You can take part in many different online training schemes and certified courses. A recommended place to start is the government-backed Cyber Essentials scheme. When implemented correctly, this can prevent up to 80 percent of all cyber attacks. This scheme is specifically designed for SMEs and includes a self-help guide to walk you through securing your internet connection, devices, software, data access and virus/malware protection.

Assume You Will Be Hacked

“Prepare and test a plan to identify, communicate and recover to ensure you can rapidly resume business with limited impact.” – Sam Smith, Head of Digital Risk and Security at Cadent Gas Ltd

Take a proactive, not reactive, approach. Nearly all businesses are potential victims of cyber crime. By making the assumption you’ll be targeted, you can scrutinize your systems and plans in a new light. Consider how your business will cope during periods of down-time. Look at your processes of securing customer data. How much would be lost or compromised in the event of an attack? It’s vital that you craft a policy for dealing with cyber attacks; this should cover all potential vulnerabilities and the actions you will take to mitigate any impact. If you’re interested in finding more SME help and guidance like this, subscribe to Innovate UK’s YouTube channel here. Additionally, you can follow @InnovateUK on Twitter here.   Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.