How to protect your business from cyber-attacks
The rise of cybercrime poses a significant threat to small businesses, putting the security of their assets and customer information at risk.
In 2023, it was revealed that 90% of cyber breaches impacted small to medium-sized businesses, with 60% of small companies reported to go out of business within six months of a cyber-attack. It is essential that SMEs know how to prevent cyber-attacks, to keep both their business and their customers safe.
To help, here are five ways to help small businesses protect against cyber threats and prepare themselves should a cyber-attack happen.
1. Conduct a risk assessment
Before implementing any cyber security measures, business owners should conduct a thorough risk assessment to identify any potential vulnerabilities and threats to the security of their digital assets and data. As a specialist insurer of small businesses, we have created a simple cyber risk assessment that considers IT systems, data storage practices, employee behaviours and potential points of entry for cyber-attacks.
Having assessed the risks to your business, be aware that there are several cyber regulatory requirements that small businesses must operate within. Read more about these rules and regulations here.
2. Invest in employee training
Employees are a critical link in the cyber security chain, and the one that hands-on training can strengthen directly. According to Information Commissioner's Office (ICO) data, about 32% of attacks occur because of human error, which is why ensuring that all employees are properly educated and trained should be a priority when it comes to keeping data safe.
Training sessions should cover cyber security best practices, such as how to identify phishing emails, how to recognise suspicious behaviour, and secure data-handling procedures.
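Phishing training works best when staff are shown the concrete indicators to look for rather than told "be careful". As an added example (not from the original article), the Python script below checks a raw email for the indicators that training typically teaches: a lookalike sender domain, a display name that borrows a trusted brand, a Reply-To that differs from the From address, links whose visible text names one domain while the href goes elsewhere or to a raw IP address, and pressure language. The organisation domain `acme.example`, the `trusted_domains` parameter and both sample messages are constructed for illustration.

```python
"""Heuristic phishing indicators of the kind taught in staff awareness training."""
import email
import ipaddress
import re
from email.message import Message
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Pressure phrases commonly used to rush the recipient into acting.
URGENCY = ("urgent", "immediately", "within 24 hours", "account suspended", "verify your account")


class _Links(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(addr: str) -> str:
    """Domain part of an email address, lower-cased ('' if none)."""
    return addr.rpartition("@")[2].lower().strip()


def _host(url: str) -> str:
    """Hostname of a URL or bare 'www.example' style text, lower-cased."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()


def _body(msg: Message) -> str:
    """First text part of the message, decoded."""
    for part in msg.walk():
        if part.get_content_type() in ("text/html", "text/plain"):
            payload = part.get_payload(decode=True)
            return payload.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def phishing_indicators(raw: str, trusted_domains: set) -> list:
    """Return human-readable findings for each phishing indicator present in raw."""
    msg = email.message_from_string(raw)
    findings = []
    trusted = {d.lower() for d in trusted_domains}
    brands = {d.split(".")[0] for d in trusted}  # 'acme' from 'acme.example'

    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(from_addr)
    if from_dom not in trusted:
        if any(b in from_dom for b in brands):
            findings.append(f"lookalike sender domain: {from_dom}")
        if any(b in display.lower() for b in brands):
            findings.append(f"display name '{display}' impersonates a trusted brand from {from_dom}")

    reply_dom = _domain(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    body = _body(msg)
    parser = _Links()
    parser.feed(body)
    for href, text in parser.links:
        host = _host(href)
        try:
            ipaddress.ip_address(host)
            findings.append(f"link points to a raw IP address: {href}")
        except ValueError:
            pass  # not an IP literal
        shown = _host(text) if re.match(r"(https?://|www\.)", text) else ""
        if shown and shown != host:
            findings.append(f"link text shows {shown} but goes to {host}")

    text_blob = (msg.get("Subject", "") + " " + re.sub(r"<[^>]+>", " ", body)).lower()
    hits = [p for p in URGENCY if p in text_blob]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    return findings


# Constructed sample messages (not real mail): one phishing attempt, one legitimate notice.
PHISH = """\
From: "Acme Payroll" <alerts@acme-payroll-secure.example>
Reply-To: collect@mailbox.example
To: staff@acme.example
Subject: URGENT: verify your account within 24 hours
Content-Type: text/html; charset="utf-8"

<html><body><p>Your payslip is on hold.
<a href="http://198.51.100.7/login">https://hr.acme.example/login</a> to confirm immediately.</p></body></html>
"""

CLEAN = """\
From: "Acme HR" <hr@acme.example>
To: staff@acme.example
Subject: Pension statement available
Content-Type: text/html; charset="utf-8"

<html><body><p>Your annual statement is in the <a href="https://hr.acme.example/statements">HR portal</a>.</p></body></html>
"""

if __name__ == "__main__":
    for finding in phishing_indicators(PHISH, {"acme.example"}):
        print("-", finding)
    print("clean message findings:", phishing_indicators(CLEAN, {"acme.example"}))
```

The indicators are heuristics, not proof: a legitimate mailing service can produce a Reply-To mismatch, and a well-crafted phish can avoid every one of them. Their value in training is that each finding maps to something an employee can check by hand (hover over the link, read the actual sender address, ignore the urgency).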
3. Create a cyber security policy
A cyber security policy details guidelines that employees within a business must follow to protect the company’s digital infrastructure, information, and client data.
While the specifics of the policy will vary for different businesses, depending on several factors, there are some basics which should be included in all cyber security policies. These include:
- Context: Begin your policy by explaining what the guidelines cover and how they help the business, so that employees understand why they matter. Include definitions for the cyber security terms used throughout.
- Systems and infrastructure: Provide details on software/programs used to safeguard data, such as how they work, what they do to protect information and tips on how employees should use these programs, if necessary. You should also include how your business trains IT workers to keep digital systems safe from threats and vulnerabilities. Outline their role in both preventing a cyber-attack and what should happen if one does occur, ensuring they are fully aware of their responsibilities.
- Guidelines for employees: Every comprehensive cyber security policy should incorporate an employee-friendly guide covering secure password practices, email usage protocols, phishing detection, social media guidelines, risk mitigation strategies, data recovery guidance and specific instructions for remote workers, including network access protocols.
- Cyber-attack response: It is important to also outline the company’s response in the event of a cyber-attack. This should be included in the policy by outlining responsibilities for investigation, timely client communication, incident reporting, reviewing insurance coverage, and ongoing employee training, ensuring compliance and responsible action in the event of a breach.
- Compliance with wider regulations: Adhering to GDPR is also essential. Key policy components include establishing a lawful basis (such as consent) before collecting or transferring personal data, the process for notifying the Information Commissioner's Office of a reportable breach within 72 hours of becoming aware of it, granting users their rights of access and deletion, offering comprehensive explanations of user rights, and, where relevant, outlining procedures to protect children's data.
For further information, read our guidance on creating a cyber security policy.
4. Implement cyber security measures
Businesses of all sizes should invest in robust cyber security measures to protect their IT infrastructure and data assets from unauthorised access and potential cyber-attacks. This could include deploying firewalls, installing antivirus software, implementing intrusion detection systems, and using encryption tools to safeguard sensitive information and prevent data breaches.
It is essential that you secure your networks and databases, and that you back up your data and test that the backups can actually be restored. Devices used in day-to-day work, for example laptops, iPads or phones, should be encrypted and protected by a strong login, with multi-factor authentication on the accounts they access, and should be stored in a locked place when not in use.
5. Ensure you are protected should the worst happen
Not all business insurance policies cover against cyber-attacks, so it is vital that you check what your current policy covers and assess whether additional insurance is needed.
Cyber insurance is a specific form of cover that can help protect your business in the event of a malicious attack on your computer systems and data. This type of policy can help minimise disruption to your business, covering the financial costs involved in handling and recovering from a cyber-attack or hacking threat. Examples of the events it can cover include informing clients of a data breach, the costs of restoring data and equipment, and meeting ransom demands (where the policy includes this; paying a ransom does not guarantee that data will be recovered).
If you are unsure whether cyber-attacks are covered by your current policy, review your documentation, and speak to your insurer to make sure your business’s risks are minimised in the event of a cyber-attack.
While navigating the cyber security landscape may seem daunting, especially to small businesses or those who are self-employed, implementing these strategies can help safeguard against potential threats, keeping businesses and their clients safe.
To read more about our insurance solutions and business advice, visit our Help & Guidance hub.