Secure IT system considerations for small businesses

From the individual with personal data to protect, to the multi-national corporation with billions invested in its private operations, we all have to consider how to avoid an online threat.

Stories of cyber-attacks on big organisations are regular features in the news. Major companies including Sony Pictures, Yahoo!, TalkTalk and Wonga have all been compromised in the past several years.

What are the risks for small business?

Big companies may have their name in the headlines when their data is stolen or their systems destroyed, but small businesses are also vulnerable to attack.

A recent report conducted by Kaspersky Lab found that over half of all European firms have suffered some disruption or data loss in the last two years alone. UK businesses specifically were found to face a very high risk of online attacks, with some 64% of those surveyed reporting that they’d fallen foul of cyber-crime in the last 24 months.

The ramifications of such an attack can potentially spell the end for some small businesses. Stolen client data can lead to cripplingly expensive legal battles as the enterprise defends its name and practices, while stolen or ransomed money can simply halt an SME’s cash flow and stop it trading altogether.

It’s vital that anyone starting up or running their own small business should educate themselves on the issues surrounding cyber-crime, and know how to avoid becoming its latest victim. The question is, how do you do this?

Is your business secure?

Businesses’ preparedness for a cyber-attack varies greatly from one sector to another and is often dependent on their size. Evidence referenced in this BITC report shows that, proportionately, small businesses do not invest the same time or resources into protecting themselves as their larger equivalents do. In fact, a massive 25% of small and medium-sized businesses do not have any cyber security strategy at all.

This may be because small businesses mistakenly believe their modest size is, in itself, protection from a cyber-attack. However, small businesses are often used as the gateway to larger businesses’ big data stores. After all, if big, multinational organisations can fall prey to cyber-attacks, your small business could be a sitting duck.

For example, the WannaCry attack in 2017 saw systems compromised within some 80 NHS Trusts. It was found that the NHS had been using vastly outdated IT systems to store even their most sensitive information – many computers ran a version of Windows XP, an operating system that was 17 years old at the time of the attack. Software that old was naturally vulnerable to exploits.

Additionally, the Tesco Bank attack of November 2016 saw the bank eventually fined £16.4 million by the Financial Conduct Authority, when it was found that it had not addressed ‘deficiencies’ in the design of its debit card until after the attack began. Earlier still, in 2015 TalkTalk suffered a data breach that resulted in the Information Commissioner’s Office fining the internet service provider £400,000.

The NCSC’s 5 steps for tighter security

In an effort to help small businesses boost their protection, the National Cyber Security Centre has created a list of five simple steps any company can take to lessen their risk of attack.

  • First, back up your data. Data backup can take many forms but it’s a vital task.
  • Next, protect your business from malware. Malware is designed to cause damage to computers or computer networks.
  • Then, look beyond your PCs. Other devices are also vulnerable to attack, such as smartphones and tablets. Ensure your systems are running the latest software and hardware to help prevent an occurrence similar to the one the NHS suffered during the WannaCry attack.
  • Afterwards, consider your password strength. Passwords are another key consideration and there are bad, good and better ways to manage them.
  • Finally, avoid phishing attacks. These are sent in the form of emails, so it’s important to be able to identify and avoid a phishing attack on your business.

In essence, the Small Business Guide promotes a new way of thinking about staying safe online. It recommends that taking care of cyber security “should be as second nature as cashing up or locking the doors at night”, rather than being seen as a low priority.

Other considerations

As well as doing all you can to prevent an online attack, businesses who deal extensively with handling data may benefit from cyber insurance. This is particularly beneficial if you deal with large volumes of customer data, or if the small amount of information you are responsible for is of an especially sensitive nature. Alternatively, an attack may prevent trade for days or weeks. Or, it could simply eradicate the information you need to function properly. In any of these circumstances, you’ll need the right cyber insurance against loss of net profit, to pay for potential legal costs and to cover the costs of restoring vital data and equipment.

A two-pronged approach is the best way to guard against online threats: prevent and protect. Do all you can to stop an attack happening in the first place, and take steps so you’re always ready for the worst possible outcome.