If you are a small business, then you might think cyber crime is something that happens to the big firms – but you’d be wrong. According to official figures, recorded cyber crime cost the UK economy £10.9 billion in 2015/16.
SMEs were easy pickings, losing an average of £3,000 in each attack. The reason? Many SMEs think it is costly or complicated – or both – to take steps to protect themselves. As a result, they were making basic mistakes, which left their businesses open to online attacks.
On Wednesday, as part of Leicester Business Festival, DMU’s Cyber Technology Institute are presenting on the Cyber Essentials scheme for businesses, so you can identify and reduce the risks to your firm. You can discover top tips to protect yourself online – and learn what the new GDPR laws will mean for your hard-won customer email list.
Professor Eerke Boiten, of DMU’s Cyber Technology Institute, has revealed 10 of the most common mistakes. Are you making any of them?
1. Postponing updates
Software updates are more than bug fixes and improvements to apps; they are crucial to keeping your site secure. Google employs teams of white hat hackers to try to ‘hack’ their own sites, and come up with ways to fix problems before cyber criminals can find them. The WannaCry ransomware attack affected computers that had not installed recent Windows updates.
2. Cyber security policy? Do we need one?
All businesses need to have a policy that covers how staff use email and social media, how they use devices like tablets or smartphones, and what happens in the case of a cyber attack. A policy does not need to be a huge tome – it needs to let your staff know what to do – and what not to do – to keep the business secure.
3. Not having tested data-recovery from backups. Or no backups at all.
A cyber attack could easily crash your network’s operating system, corrupt data or wipe information from computers. Without secure backups (a copy of your most important files) you have no business continuity. Be honest: how long has it been since you backed up your files? And if you have, have you checked you can restore backed-up files correctly?
4. Not having scanned your website for common vulnerabilities.
You have probably been paying attention to web design, SEO, content and photography – but have you scanned your website to see how secure it is? You can check whether your website allows attacks on your databases, or even allows your visitors to be infected with malware.
5. Having no idea how you obtained the email addresses on your marketing mailing list
Under current data protection and e-privacy legislation you’re already better off knowing whether these are existing customers, people who have opted in to marketing, etc. – and offering obvious ways for them to unsubscribe. With next year’s GDPR, this issue sharpens up – some companies have already thrown out their entire email marketing list to avoid problems.
6. Keeping factory passwords on devices.
The router that controls Wi-Fi in the office has a configuration page that you can protect with a password. Chances are it’s been set to “password”, and cyber criminals know this.
7. Everyone in the business can access all data on all devices.
It might sound a democratic approach, but the more people who can access your business’s data, the bigger the security risk posed to your company. It also makes protecting your data much harder. Especially if – and we have seen this – passwords are kept on a post-it note tacked to a PC.
8. Never scanning computers for malware
Do you find your computers running slow, or do you suddenly see lots of pop-ups appearing on your screen while browsing? You may have inadvertently downloaded malware, worms or Trojan viruses – in some cases merely visiting certain sites could enable malware to attack your browser. Anti-virus software and regular scanning are a must.
9. Customer database stored unencrypted
Keeping unsecured data makes you more liable in a data breach. An attacker can get access to your servers and steal any unencrypted data. If that data is a bunch of credit card numbers, people’s identities and personal information, then you’re facing a huge data breach, which is costly to your business and your customers.
10. Not knowing who is responsible for cyber security
Your business needs to have a central person who is responsible for keeping your business safe online. This can be you or a senior IT person, so staff know who to inform if there is a breach and who can ensure your team know what action to take.
Posted on Tuesday 31st October 2017