Cyber-attacks are happening all the time. And though an SME owner might think that their business is just small fry and not of interest to a cybercriminal, the opposite is actually the case. Large organisations with big budgets are too much of a challenge for some, so they turn to easy pickings elsewhere.
What can you do? Well, first off, you need to understand this is an ongoing issue. There are some general actions that you as an SME owner need to take. And then there are some specific things you must incorporate into your business practices on a regular basis.
How do you kick things off?
Understand the evolving risks
The most important first step is to take time to get your head around what vulnerabilities exist within your business, and how hackers and cyber criminals could exploit those vulnerabilities. Once that understanding is in place, it’s then just as important to keep up to date with the evolving nature of these problems.
Ensure cyber security becomes ingrained in your company culture
Educate your staff and also give them the tools they need to continue educating themselves on the subject. Ensure every policy and procedure references cyber security where applicable. Regularly remind your staff how attacks can sneak by unnoticed. Keep them vigilant. Be clear what the procedure is for reporting both suspicious activity and overt attacks. Share news on the latest attempts that have been caught. Applaud the people who identify them and take action.
Develop an incident response plan and practise it
This is linked to the above point, of course. Telling staff they need to be vigilant isn’t enough; you have to tell them what to do if a problem is discovered. Different issues will require different responses and it’s worth brainstorming this with staff before the plan is written up. Of course, this has a dual role. Lots of minds thinking about a problem will be better than just one. But by including staff in the process you are also helping them to commit to it on an ongoing basis.
What regular actions should you take?
Keep your software up to date
People tend to assume this refers only to anti-virus and firewall software, but it doesn’t. Other types of application you’re using may develop weaknesses over time. Software companies issue updates and patches as cybercrime evolves. An app that was ‘safe’ one day can very swiftly turn into an open door to trouble the next.
Make passwords stronger
Password management is a fundamental aspect of cyber security. Educate your staff to use strong passwords. Insist they include alphanumeric combinations, as well as lower and upper case letters and symbols. And don’t allow anyone to leave their password written on a Post-it note on their screen!
Be vigilant with emails
Train your staff on how to spot suspicious emails. We’ve written a blog dedicated to this subject if you’d like to find out more about it. Put simply, though, you should insist staff delete any suspicious incoming mail. Make them wary of unsolicited contact, in fact, and request that they never click on a link unless they know the sender and are expecting the email.
Verify financial requests and details by phone
Build a two-step verification process into your procedure for processing financial requests. Pick up the phone. It may often seem a waste of time, but it could save you a lot of time and money at some point.
A short blog article like this can only ever be a brief introduction to a very fast-evolving, complex subject like cyber-attacks. If you’d like to understand more about what you need to do to protect your business from the risks cybercrime poses, then give us a ring. We’d be delighted to talk things through in more detail with you.