How to keep your SME cyber safe

As well as making sure your SME has the right cover in place for when a cyber-attack happens, prevention is the best solution when it comes to being cyber safe.
There are a few simple measures all business owners should put in place to protect their company and their clients from the fallout of a cyber threat.
Ensure you have a robust cyber security policy
Whether you have one employee or 100 employees, ensuring you have a robust cyber security policy in place is key to helping protect your business against cyber-attacks.
A cyber security policy outlines guidelines that employees must follow to protect the company's digital infrastructure, information and client data. Those expected to follow the guidelines laid out should include contractors, suppliers and other external stakeholders, regardless of the frequency of their involvement.
The policy should also measure what the company itself is doing to protect against cyber threats such as hackers and viruses, as well as other types of system malfunction which could result in loss of client data.
Your policy should include:
- Guidelines for employees (password management, identification of threats, etc.)
- Compliance with wider regulations (i.e. GDPR)
- Systems and infrastructure (programs such as anti-virus and firewalls)
- Cyber-attack response
You can read more in our guide on how to create a cyber security policy.
Put limits on employee access to client information
Password protection on computers, accounts and servers will help control access to data. However, it is important to ensure these passwords are regularly updated and access is reviewed frequently. This makes sure that only the necessary people have access to clients' private data, taking into account people who have left the business.
Passwords should contain a mix of cases, symbols and numbers and should not be easily guessed. There should also be a system in place for purging outdated and old information.
Read our guide on keeping clients' data safe and secure for more tips.
Invest in adequate security software
With the increasing sophistication of cyber-attacks, it is important that your business invests in multi-layered security software. You should have firewalls and anti-virus protection on all devices which have access to sensitive data. You should also employ encryption protocols so that, should the worst happen and a breach occur, it is difficult for whoever has breached your security to view the data. Encryption software scrambles the information, which makes sensitive data unreadable to anybody without the decryption password, adding an extra layer of protection.
Regularly update tools and software
Threats such as malware will look for weaknesses in the software and tools your business uses. As a result, it is imperative that security software, operating systems, tools and devices (such as smartphones and laptops) which are used in any capacity for business purposes, including checking emails, are updated regularly to protect against the most recent malware.
Consider remote wiping
With many businesses offering remote or hybrid working options, there has been a rise in using mobile devices for daily work-related activities. This presents its own new range of risks. Having a laptop stolen, leaving a tablet on public transport or even joining the public Wi-Fi in a café could give the wrong eyes access to sensitive information.
Remote wiping software can efficiently delete this data as soon as a problem is identified, without having access to the device itself, and potentially stop breaches from occurring. Apple offer users a remote wipe function as standard (provided devices are signed up to iCloud) and Google offer a similar solution via the Google Apps Device Policy app.
Choose a reliable cloud provider
Cloud storage is a great way to protect data from device malfunctions, and the losses that result, but it does not come without its own security risks. This is why choosing a reputable cloud provider with robust security measures is vital. Google and Apple both offer leading security for their cloud solutions, and you can purchase more storage when necessary for a small fee.
If, however, you would prefer to keep your data on your own private servers, make sure that you choose a well-known hosting provider. If you have the budget to do so, consider hiring an IT consultant who can provide you with some options.
Take our cyber risk assessment
Our cyber risk assessment has been designed to indicate whether your working practices could be putting your business at increased risk of cyber and data breaches.
Take our quick online test to find out if your business is at risk.
Business insurance options for cybersecurity and data breaches
Whether you are a sole trader of one or an established SME, it is important in today's rapidly advancing technological world that you protect your business from cyber threats. This is even more important if your business is responsible for sensitive data.
Luckily, there are insurance options available which can give businesses that safety net in case the worst happens.
What is cyber insurance?
Cyber insurance is designed to shield businesses against the fallout of a malicious cyber-attack targeting computer systems and data. This type of policy can mitigate disruptions to your business by covering the financial costs associated with managing and recovering from hacking and/or cyber-attacks.
As a business you are responsible for ensuring the safety of data and systems with the implementation of security measures. However, while security measures can reduce the risk of a cyber-attack occurring, cyber insurance offers financial protection in the event of a data breach. By investing in cyber insurance, you gain reassurance that if the worst-case scenario unfolds, you'll have financial support to help sustain your business.
What does cyber insurance cover?
Cyber insurance safeguards against losses stemming from network or IT system damage or data loss through malicious activity such as hacking, malware and ransomware. This policy can offer financial support and assistance after a cyber-attack, covering costs such as system restoration, income loss, and legal liabilities if you are deemed responsible.
Cyber insurance covers instances such as:
- Loss of documents or data
- The costs of restoring data and equipment
- Unintentional breach of copyright - for example, if you used someone's picture in your advertising without their permission
- Informing clients of a data breach
- Meeting ransom demands
- Loss of your net profit
- Your legal defence costs and damages you are legally liable to pay to other parties
What other cover should I consider?
Whilst not covering specifically against cyber threats, professional indemnity insurance could offer vital protection for your business if you provide advice, designs or professional services to your clients.
What is professional indemnity insurance?
Professional indemnity insurance covers you should a client or customer claim that your service, advice, or design is inadequate, is not as expected or resulted in financial loss for the client. It would cover any legal costs and other expenses incurred in your defence, as well as damages or costs that may be awarded to your client.
What does professional indemnity insurance cover?
Professional indemnity insurance provides financial protection against claims of loss or damage made by clients or third parties, arising from your professional services, instructions, or advice. This can include loss or damage caused by professional negligence.
Professional indemnity insurance can also cover:
- Loss of documents or data
- Unintentional breach of confidentiality - this could include sharing confidential client information without their consent
- Unintentional breach of copyright - for example, if you used someone's picture in your advertising without their permission
- Loss of money or goods that you are responsible for