There’s no getting away from it: poor cyber security can be costly - even terminal - for your business. It can take just a single breach to spell disaster.
Yet 39% of businesses suffered a cyber breach of some kind in the 12 months to March 2021 - the percentage of medium-sized businesses was significantly higher, at 65%.
Even if you’ve invested in cyber security, there’s probably a lot more you could be doing to better protect your business and its assets (not to mention your staff and customers).
In this article, we’ll share seven ways you can shore up your defences and breathe a little easier in the knowledge that you’re better protected from cyber attacks.
How your cyber security can be improved
You may think that cyber vigilance is something that only the larger organisations need to worry about, but that’s a flawed belief. Your business gathers and retains sensitive data and you will deal in transactions worth thousands or tens of thousands of pounds that hackers would love to get their hands on, so you need to ensure your defences are just as bulletproof as any other company’s.
Here are some steps to improve cyber security for your small or medium-sized business.
1. Ensure your firewalls and monitoring systems are up to date
A firewall is an essential line of security for your business, preventing unauthorised sources from accessing your network, files and data. The firewall effectively acts as a filter which stops unwanted traffic from entering your network, keeping your files and data secure.
Firewalls can also be useful when your workforce is remote, allowing them secure access to files and folders without the risk of an unwanted source breaching the line of defence.
Consider using a managed firewall service, which can help you to diagnose issues earlier and prevent attacks from taking place.
2. Enable multi-factor authentication
Multi-factor authentication (MFA) is an enhanced security system that uses two or more separate methods to validate a user's identity as they log in to a platform or network. This usually takes the form of a password alongside a secondary piece of data, such as a code provided by an additional device (for example, a text message to a mobile phone). MFA should always be switched on for cloud email and file systems such as Microsoft 365 (Exchange and SharePoint) and Google Workspace (Gmail and Drive).
To bolster your security further and stop unauthorised users accessing your systems, you should also enable MFA on your other cloud systems (such as your CRM database, accounts software, etc.) and on your end-user devices, such as your staff’s Windows logins.
This will drastically reduce your chances of suffering from a breach; in fact, Microsoft research suggests that using MFA means you are 99.9% less likely to suffer from a compromised account. That’s a huge return for what’s a very simple process to implement and use.
3. Invest in managed antivirus software
It almost goes without saying that antivirus software is a necessity for businesses, and is a key part of your defence against cyber crime.
However, just installing an antivirus product and leaving it isn't enough. You need to make sure it's the current best antivirus product (or at least one of the best, as over time some become less effective).
Additionally, you should ensure it's up to date with the latest information regarding current viruses, and make sure someone is watching for and dealing with any alerts from the software. Of course, this is a time-consuming role, so a managed antivirus service can help you to mitigate the risks of a cyber attack without worrying about 24/7 monitoring - your provider can take care of that for you.
4. Implement anti-phishing protection
You’ve seen phishing emails: the ones that, at first glance, look like a legit message from a provider or another company you deal with. They usually contain a link and ask for personal details and/or financial information.
In some cases they can be hard to spot, but you may be surprised to know that up to 20% of your workforce* are likely to click on a phishing email link, and of those, a huge 68% would enter their details.
Opening these emails can lead to malware being installed on devices, while entering details into suspicious sites is a clear breach of security. Companies are also seeing a rise in phishing emails, with 3.4 billion sent every day^ worldwide. These lead to 90% of all data breaches.
To combat this malicious activity, you can implement anti-phishing protection. This is an intelligent system that uses artificial intelligence (AI) to identify, filter and highlight such emails entering your network system, reducing the need to rely purely on human intervention.
5. Use dark web monitoring
The dark web is a part of the internet made up of hidden sites that you can't find through conventional web browsers. It is only accessible through browsers and search engines designed specifically to find and use these hidden sites.
Sites on the dark web use encryption software so that their visitors and owners can remain anonymous and hide their locations. As a result it’s home to a huge amount of illegal activity including everything from illegal drug sales to illicit pornography and stolen personal information such as credit card or account login details.
A dark web monitoring service will identify whether any user passwords or other information have been obtained and are being made available to cybercriminals. This acts as an early warning system, helping you to mitigate the effects of a security breach.
6. Provide regular training for team members
There’s no way around it: when it comes to cyber security, the weakest link is people. That means you and your staff. It’s not deliberate, but a simple mistake - such as clicking a link on a phishing email - can have catastrophic consequences, especially for small businesses.
To overcome this, it’s important that cyber security is taken seriously within your business, and clear information is made readily available to your staff and employees. That includes comprehensive training that helps them understand the different types of attack and how they can reduce threats and mitigate risk.
It’s important to remember that cyber criminals are constantly using new and more sophisticated methods, so training can’t just be a one-off. Invest in an ongoing training programme that refreshes and educates your teams on the importance of good cyber security. This doesn’t need to be a costly process — there are automated systems that can be put in place to regularly test and train staff.
7. Minimise risk by using a web filtering system
There are many malicious websites on the web, and unfortunately it can take only one click for disaster to strike. To better protect your staff (and your business) from nasty websites, you can use a web filtering system to control users’ access within your organisation. This means you’re able to dictate the types of website they can visit and reduce the chances of them landing on a suspicious one.
Start taking cyber security seriously!
Whether you’re doing the bare minimum or you’re actively strengthening your defences, there’s always more you can do to protect your business online. Of course, more security systems and services will require additional investment but the cost of not doing more is likely to be far greater.
Following the tips in this guide will stand you in good stead now and moving forward. It’s a constantly changing landscape, so be sure to regularly review your software, tools and services to ensure they’re doing what they should and offering adequate protection.
If you’re looking for more detail, download our free ebook, Protect, React, Recover: A Guide to Cyber Resilience for SMEs.
Want some more advice around cyber security, or looking to offload the stress of managing your cyber defences? Contact The PC Support Group today and learn how we can help you get protected.
^Digital in the Round