Rahul Powar, co-founder and CEO of Red Sift, discusses how to make sure your business is secure and safe from cyber attacks.
While the mainstream news agenda tends to focus on the cyberattacks on some of the world’s largest businesses - most recently Facebook and Equifax - fewer headlines highlight the growing number of attacks targeting small and medium businesses. In 2018, cybercrime is a very real threat that few businesses are prepared for. Where SMEs are tasked with the difficult job of juggling multiple priorities such as securing funding and establishing internal processes, cybersecurity often becomes neglected. Such negligence can result in these businesses becoming appealing targets for hackers, as often they store large amounts of data with little to no means of protection.
It is estimated that half of UK SMBs could be hacked in under one hour. These compromises are detrimental to business operations, potentially costing companies upwards of £1 million to deal with a breach. By ensuring your SME is protected against cybercrime, you are able to solidify brand reputation and prevent losses of both money and data. While the threat of cybercrime is becoming more and more real, there are a number of ways for smaller businesses with even the tightest of budgets to implement protection; being prepared is the best means of defence.
Below are a few very simple steps to follow to ensure your business is secured, allowing you to protect your company, and employees, online.
Build strong foundations
Recognising the threat of cybercrime and creating an organisation-wide security plan from the outset is the first logical step to ensuring that you and your business are adequately defended. This plan can be as simple or complex as you desire, but acknowledging the potential of an attack from the off gives you a guideline to refer back to should a breach of security happen; the key is to consider and plan for the type and scale of the major risks your business faces online. A plan could outline strategies for regular organisational data backup or create guidelines for apps, software and devices that are authorised to be used at work. You might also want to think about defining the data, accounts and documents that different employees have the authority to access, to ensure you are aware of how your business structures itself online. With a plan in place, your business is better able to identify areas in which it is vulnerable, and you gain a better understanding of how you operate online, enabling you to foresee potential vulnerabilities.
Use readily available built-in protection
Making use of the safety features that are already built into services you may use online might sound like an obvious tip, but many businesses fail to use what is right in front of them. From password settings to two-factor authentication, there are inbuilt measures to ensure your data is protected. Even the likes of Gmail have new anti-phishing and malware capabilities that are free and easy to use once you are aware of their existence.
Stop lurking in the shadows
You may not be aware of the term ‘shadow IT’, but it can refer to anything that is brought onto the corporate network without the blessing of IT. This can be as simple as someone installing a new web browser or marketing deciding to use a third-party bulk email sender; while this might sound like it could improve productivity, anything done without the knowledge of IT puts your company at risk. For example, an employee storing data in an online cloud service that hasn’t been authorised by the company may put your company, its security and its data at risk if that service is not properly secured. Stay informed by enabling the tracking and remote wiping/locking of software and devices, as a measure for emergency protection. You can also monitor your networks for unauthorised use of apps or software to make sure you know exactly how you operate and can keep track of your online presence.
Eliminate email insecurity
91% of all cyberattacks start with email, so securing your organisation's mailing system protects you and your employees against falling victim to a scam that could cause you a catastrophic loss of data and money. Educate your employees to be able to spot a phishing email and provide training to support their safety online. Where hackers have grown more sophisticated and are able to imitate domain names, deploying anti-phishing mechanisms such as the DMARC protocol allows you to ensure that emails you send and receive are verified. Without the protocol, an individual is often unable to distinguish a genuine email from a spoofed one, and employees can be lured into sharing data that causes a significant loss for the company. A government-recognised standard such as DMARC not only allows you to identify threats but also aids in solving the issue of shadow IT, keeping you informed about who is sending emails on your behalf and ensuring your customers feel safe when they receive emails from your organisation.
In a post-GDPR world, a security breach has serious legal implications so ensuring your business and customers are protected is no longer a nice-to-have, but a vital investment. While the previous four steps will stand you in good stead, as your business grows, make enlisting a Data Protection Officer an essential milestone in your long-term strategic plan. Whether it be in the form of a full-time team member or a part-time freelancer, taking this proactive step towards protecting your business shows that you are fully aware of cybersecurity threats and solidifies your company’s safety measures for the ongoing digital age.