Today, the 30th November is Computer Security Day. Originally beginning in 1988, the aim of computer security day is to raise awareness about computer security.
And this could be no more important than it is today with the significant rise in cyber-attacks taking place against businesses of all sizes. As well as the increased focus that new regulation such as GDPR now places on businesses to protect their data.
This computer security day we focus on why the risk of cyber-attack should be something which all small businesses account for in their disaster recovery plans and simple steps you can take to reduce your vulnerability to a cyber-attack.
What is the risk of cyber-attack to SME’s?
Many sources suggest small and medium sized businesses as just as at risk of being the victim of a cyber-attack as large corporations.
In fact, a recent study by Hiscox found that 63% of medium businesses surveyed had experienced one or more cyber-attack in the past year. This was 47% for small businesses (less than 50 employees).
These figures show the risk is a real one and one your business must be aware of.
Cyber criminals may target SME’s because they believe them to have fewer resources to invest in IT security strategies. Whether this is the case or not, there are some simple steps you can take to protect your business.
What steps can you take to protect against cyber-attack?
It is easy to think that protecting against cybercrime requires significant investment but there are some relatively simple steps you can take to help minimise your risk:
Use strong passwords – make sure all employees across your business use strong passwords which can’t be easily guessed. Don’t encourage staff to share passwords – if they need access to a tool which requires password access then give them their own account. You may also want to consider two factor authentications to further strengthen security.
Keep your software up to date – make sure you make any software updates that are released by software developers. They often release updates to patch vulnerabilities in their systems. By not making these updates you could be leaving yourself open to attacks.
Make sure your IT policy limits use of USB sticks and memory cards as these can be a common method used to spread malware.
Educate your staff – many cyber-attacks target human error. Phishing techniques for example rely on staff mistakenly clicking a link. Make sure that your staff understand that cyber security is the responsibility of everyone, not just your IT department. You should also ensure that your culture enables staff to speak up if they do not think something looks right. For example, questioning if they receive a data request which they are not comfortable with.
Put cyber protection in place – make sure you have an anti-virus system in place across your network. You may want to consider extending this to smartphones and tablets if you make use of these in the running of your business. Update any apps when they become available and only download apps from approved stores such as the Apple store or Google play.
Consider cyber insurance – cyber insurance policies are now available from many insurers and an insurance broker would be able to advise you on the type of cover and suitability for your business. Whilst all policies vary, cyber insurance will typically provide against risk such as cyber related business interruption, costs of damage caused by hackers, support in the event of a cyber breach and ransom costs.
Why should you include cyber-attack risk in your disaster recovery plan?
The risk of cybercrime should be a business issue. Not only a concern of the IT department.
Suffering a cyber breach can affect all areas of your business – your reputation if data is compromised, your ability to access your customer service systems if your network goes down through to the ability to run your business if you are the victim of a ransom attack.
Therefore, it is not difficult to see why it is something that should receive focus in your disaster recovery plan.
The reliance that businesses place on their IT systems to do businesses is constantly increasing and for many they play a central role. Giving prior thought to how you would respond and cope if you are the victim of a cyber-attack can reduce the sense of panic if the worst should happen.
If your business relies on IT systems in the running of your business, it may be worth considering the services of a specialist in disaster recovery like First Recovery. We can provide support to your business at time of disaster, including relocating you to a recovery centre and providing back up IT systems. Get in touch with us today if you have any questions about how we could help your business.