
Small business cyber security: Is yours up to standard?

Research by internet service provider Beaming reveals that UK businesses were each subject to an average of 180,714 cyber-attacks from April to June 2024 alone. While many attempts were stopped by firewalls and other defences, this figure is still a 5% increase on the same timeframe in 2023.


Despite this, and due to limited resources and expertise, many entrepreneurs may still underestimate the importance of robust cyber security measures. However, the repercussions of a data breach can be devastating, leading to financial loss, reputational damage, and even legal consequences.


The 2024 UK Government Cyber Security Breaches Survey reports that in the last 12 months:


  • 50% of small businesses and 32% of charities were hit by a cyber-attack or breach

  • Phishing was the most common type of breach or attack, affecting 84% of businesses and 83% of charities

  • 31% of businesses and 26% of charities undertook cyber security risk assessments


In this blog, we’ll explore some of the essential elements of cyber security for small businesses, providing practical tips to assess your current defenses and strengthen your online security posture. Whether you’re just starting out or looking to enhance your existing measures, it’s crucial to stay informed and proactive in safeguarding your business against cyber threats.


How could my business be at risk of attacks?


Cyber-attacks can occur through various methods, often exploiting vulnerabilities in computer systems, networks, and user behaviours. Hackers may use phishing emails to trick individuals into revealing sensitive information or downloading malware.


Other tactics include deploying ransomware, which locks users out of their files until a ransom is paid. Additionally, attackers may exploit outdated software or unsecured networks to gain unauthorised access, so it’s crucial to implement robust cyber security measures to protect against these evolving threats.


It is important to understand that investing in cyber security is not just an option but a necessity for every business. The basics are often free or low-cost to implement but are highly effective.





Here are 10 preventative measures to help reduce the risk from these cybercrime methods and attacks:


  1. Strong passwords. It’s critical to use a different password for each account you log into. Reusing passwords makes them light work for a cybercriminal to crack. The National Cyber Security Centre (NCSC) recommends using three random words; adding a combination of uppercase and lowercase letters, numbers, and symbols helps make the password more complex.


  2. Password managers. Don’t be tempted to write your passwords in a notebook! A password manager will remember and store them securely for you.


  3. Think before you click. If you can’t verify the legitimacy of a dubious-looking email or text message, don't click any links or open any attachments, as they can contain viruses that download onto your computer or swipe personal information. Forward suspicious emails to the Suspicious Email Reporting Service at report@phishing.gov.uk and forward any suspicious text messages to 7726.


  4. Enable two-factor authentication (2FA). This makes sure that any new device trying to sign in or make changes to an account requires an additional layer of security before access is given. 2FA includes single-use codes being sent via SMS, email, phone, or smartphone application.


  5. Software updates. Installing the latest updates can stop criminals from exploiting faults in old systems or software. You should promptly apply updates to your apps and device software when notified as they also include protection from viruses and other kinds of malware.


  6. Data backup. Create backups on a regular basis and keep them in a separate location from your network and systems, for example on a removable device like a USB stick or, better still, in the cloud.


  7. Use a virtual private network (VPN). Public Wi-Fi networks aren’t guaranteed to be secure, so using a VPN helps mitigate risks. It encrypts the internet connection to make sure sensitive data is transmitted safely from a device to a network and vice-versa.


  8. Review permissions and access controls. Ensure that only the individuals who need it are permitted access to sensitive information.


  9. Monitor your social media account activity. Keep social media platforms secure by making sure you know who has access and which devices are signed into each account. Look out for any unusual activity, such as unexpected posts or failed login attempts. If you have any concerns, change your password immediately.


  10. Get more guidance. The National Cyber Security Centre’s (NCSC) Cyber Security Guide for Small Businesses is a great resource for learning more about the basics. 


Need further support?


The Cyber Resilience Centre for Wales (WCRC) is here to help. The centre itself is a small business set up by policing in partnership with the private sector and academia. We have the collective goal to raise cyber resilience awareness across the Welsh business community.


We keep things simple, using plain language and tailoring our guidance towards those with limited cyber knowledge to help break down any barriers that may prevent businesses from improving their defences.

Cyber security can be complex and costly, but the WCRC offers a free membership option, which helps decision makers understand the most common cybercrime risks. We also provide affordable services for those with additional requirements.  


If you have any questions and would like to discuss your current cyber security stance, please contact us.



The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for Wales is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for Wales provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for Wales does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for Wales is not responsible for the content of external internet sites that link to this site or which are linked from it.
