Cyber-attacks are becoming a daily phenomenon in world news. The BBC have reported a series of cyber-attacks on large organisations over the last few years, ranging from TalkTalk’s breach in 2015 (resulting in a loss of 101,000 customers and £60m) to Tesco Bank’s attack, with roughly 400,000 bank accounts affected. Although the public is becoming increasingly familiar with data breaches on well-renowned, multi-national organisations, they remain unaware of the smaller, unpublicised cyber-attacks on SMEs. According to a recent survey, 74% of small organisations experienced a security breach last year.
With a new breed of sophisticated criminals now targeting computer systems, we have put together a list of 10 steps that can help you prevent your business becoming a victim of a cyber-attack:
- Risk management – Bring in a third-party specialist risk management company to carry out a review of your system. With the growing threat of cyber-attacks, this is now as essential as a health and safety risk management consultant.
- Backup Drives – Keep and alternate backup drives each night to prevent loss of all data in the event that you are hacked and held to ransom.
- Manage user privileges within your organisation – Restrict access to confidential information stored on your system.
- User education – Create security policies for use of the network and internet within your organisation. Ensure that all employees sign a contract agreeing to the terms and conditions of these policies and keep these documents on record. Provide staff with regular training on cyber risks. You may also wish to obtain outsourced support from a risk management company when setting up these policies.
- Incident management – Establish an incident response and disaster recovery plan in the event you are hacked and lose all your data. It is now essential to factor cyber-crime into your business continuity plan as you are more likely to be a victim of cyber-crime than you are of being burgled.
- Malware prevention – Produce policies that address any vulnerability to malware. It is critical that you update procedures to scan for malware across your organisation regularly and protect all machines with antivirus software.
- Monitoring Traffic – Establish a strategy to monitor inbound and outbound traffic within your network. This will allow you to identify any unusual activity or trends that could indicate an attempted attack or compromised data.
- Home and mobile working – Most organisations use a Virtual Private Network (VPN) or intranet to communicate with their staff. Many individuals use their phone to access a VPN or their work email and this can be a high security risk as mobile phones are highly vulnerable to theft. Mobile devices also have limited security systems and so it is worth limiting their use for work purposes. If you do use a mobile for work, you should log out as soon as you have finished using it.
- Phishing emails – Train staff to spot phishing. Never pay money into bank details provided via email. Always check the sender's address on any suspicious email (hackers will appear to be a business email contact, but the email address will differ).
- Ransom – In the event a hacker manages to take control of your system, do not pay the ransom, as many hackers will not return your data once paid.
Although cyber-attacks on SMEs often seem to slip under the radar of mainstream news, they have become a daily reality for small to medium organisations. A data breach can cause a lot of damage to an organisation – particularly a small company – and attacks are becoming increasingly sophisticated. Having cyber insurance is now an essential part of any insurance programme. If you need any further information about how to protect your business or would like to discuss your business risk with a trusted adviser, please contact CCRS on 0141 212 8820.
 Palmer, K. and McGoogan, C. (2017). TalkTalk loses 101,000 customers after hack. [online] The Telegraph. Available at: http://www.telegraph.co.uk/technology/2016/02/02/talktalk-loses-101000-customers-after-hack/ [Accessed 17 May 2017].
 ITV News. (2017). Tesco Bank hack: What you need to know. [online] Available at: http://www.itv.com/news/2016-11-07/explainer-what-you-need-to-know-about-the-tesco-bank-hacking-attack/ [Accessed 17 May 2017].
 Rsagroup.com. (2017). How do I protect my small business from cyber crime?. [online] Available at: http://www.rsagroup.com/the-thread/how-do-i-protect-my-small-business-from-cyber-crime/ [Accessed 7 Mar. 2017].
 Gov.uk. (2017). 10 Steps: Summary – GOV.UK. [online] Available at: https://www.gov.uk/government/publications/cyber-risk-management-a-board-level-responsibility/10-steps-summary [Accessed 7 Mar. 2017].