Approximately 98% of UK-based businesses now operate online, whether by using email, providing information on a company website, having a presence on social media, or banking or shopping via the Internet.
A Government report last year highlighted that 43% of all businesses and charities experienced a cyber breach or attack in the period October 2017-October 2018 – that’s over four in ten! Those cyber breaches or attacks included computer viruses, hacking and theft of data or financial information. According to the report, breaches were identified most often in businesses holding personal data and those where staff members use personal devices for work.
Another startling statistic from the findings is that nearly half (47%) of small businesses suffered an attack or breach in that 12-month period. Such attacks or breaches could leave work computers, laptops, phones or tablets out of action for however long it takes to resolve the attack, which could upset your usual day-to-day operations. At worst, a breach or attack could affect your company’s ability to operate, impact cash flow, prevent you selling via your website and badly damage your reputation with customers, both for lack of security and for failure to deliver goods or services as promised. Clients may well avoid a supplier that seems to have vulnerabilities.
The Government suggests that to reduce the risk of cyber-attacks or breaches you use strong passwords which can’t be guessed and which you DO NOT use elsewhere. Hackers use password-guessing tools which can crack weak passwords in an instant.
It also suggests that you keep all software and applications used by your business up-to-date. Hackers often look to exploit smaller firms by targeting out-of-date software, but software and application updates contain vital security fixes that help protect your systems. You can set your devices, including Windows 10 PCs, to install updates out of hours so that they don’t interfere with your working day.
The Government advises that following the suggestions above will also help your business meet the requirements of the General Data Protection Regulation (GDPR) which came into law in May 2018. This regulation requires companies that hold personal data to put appropriate security measures in place to protect that data. Taking this action will help protect your company’s important information and could help prevent a fine from the regulator, should you be unfortunate enough to suffer a data breach.
Here at PSL Datatrack we would like to agree with the Government suggestions above, but we also feel that there are more simple steps that any small business can take to reduce the risk of suffering from criminal cyber activity.
We highly recommend that your business takes regular backups of all critical data and systems to cover yourself against any kind of cyber-attack, breach or ransomware virus. If your business is subsequently affected by any of these, you would have the option to restore data and systems from backups rather than having to pay a possible ransom fee. Backups are also necessary to protect your business against hardware failure, especially in small businesses, where having a PC out of action for even a week could have a major impact. The cost to your business of losing data could be considerable.
If your backups are rotated and kept on physical media away from your network (ideally offsite) then there is very little risk of the backups becoming infected. We always recommend that PSL Datatrack customers back up their PSL Datatrack production control software data onto an external hard disk, or invest in 5 USB flash disks, label them Monday to Friday and take a daily backup of PSL Datatrack on each. It is worth keeping one of these offsite at all times, just in case! To some, this may seem a little old-fashioned, but backing up to the cloud carries its own risks of a cyber security or ransomware attack. Maybe there is nothing quite like being in control of your data yourself? After all, it is your business’s most valuable asset along with your staff.
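The Monday-to-Friday rotation described above can be scripted so that each day's copy is checked before it replaces the previous one. This is an added example, not PSL Datatrack's own code; the folder layout (each labelled disk reachable as a folder named after its label under `disks_root`) and all function names are assumptions.

```python
import hashlib
import shutil
from pathlib import Path

WEEKDAY_DISKS = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday"]

def disk_for(day):
    """Label of the disk to plug in on `day`, or None at the weekend."""
    return WEEKDAY_DISKS[day.weekday()] if day.weekday() < 5 else None

def digests(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def run_backup(data_dir, disks_root, day):
    """Copy data_dir onto the day's labelled disk and verify the copy.

    Returns (label, mismatched_paths). Raises FileNotFoundError when the
    disk for that day is not the one connected (assumed layout: the disk
    appears as disks_root/<label>).
    """
    label = disk_for(day)
    if label is None:
        return None, []
    disk = Path(disks_root) / label
    if not disk.is_dir():
        raise FileNotFoundError(f"disk labelled {label} is not connected")
    staging, target = disk / "backup.new", disk / "backup"
    shutil.rmtree(staging, ignore_errors=True)
    shutil.copytree(data_dir, staging)
    # Compare every file on the disk with the original, in both directions.
    source, copy = digests(data_dir), digests(staging)
    bad = sorted(k for k in source.keys() | copy.keys()
                 if source.get(k) != copy.get(k))
    if not bad:
        # Only discard last week's copy once the new one has verified.
        shutil.rmtree(target, ignore_errors=True)
        staging.rename(target)
    return label, bad
```

A non-empty list of mismatched paths means that day's disk still holds last week's verified copy and the new one should not be trusted.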
Make sure you use reputable, well-rated antivirus software on every computer or device your business uses and ensure that it routinely runs virus scans so that any potential threats are detected and dealt with as soon as possible.
We would also advocate staff training on how to spot a virus email. Typically they contain nothing but a link and maybe some unusual or vague wording, but sometimes they appear to come from someone you know, so train your staff to interrogate the sender’s email address to see the real sender’s information.
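The check staff are asked to do by eye, comparing the name a message displays with the address it was really sent from, can also be shown in code for training purposes. This is an added example, not part of the original article; the contact list, the sample messages and all `.example` addresses are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: names staff recognise and their real addresses.
KNOWN_CONTACTS = {"jane smith": "jane.smith@supplier.example"}
ADDR_IN_NAME = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def inspect_sender(raw_message):
    """Return (display_name, real_address, warnings) for one raw email."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    warnings = []
    # 1. The name is someone we know, but the address is not theirs.
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and addr != expected:
        warnings.append("known name, unfamiliar address")
    # 2. The display name itself shows an address that is not the real one.
    shown = ADDR_IN_NAME.search(name)
    if shown and shown.group(0).lower() != addr:
        warnings.append("display name shows a different address")
    # 3. Replies would go to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower().rpartition("@")[2] != addr.rpartition("@")[2]:
        warnings.append("replies go to a different domain")
    return name, addr, warnings

# Constructed sample messages (headers only matter here).
SAMPLES = {
    "genuine": "From: Jane Smith <jane.smith@supplier.example>\n"
               "Subject: March invoice\n\nInvoice attached as agreed.\n",
    "lookalike": "From: Jane Smith <jane.smith@supplier-accounts.example>\n"
                 "Reply-To: pay@other.example\n"
                 "Subject: Urgent\n\nPlease see the link.\n",
    "name_trick": 'From: "jane.smith@supplier.example" <billing@mail-host.example>\n'
                  "Subject: Document\n\nPlease see the link.\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, inspect_sender(raw))
```

Many mail clients show only the display name by default, which is why the second and third samples look familiar until the address in angle brackets is inspected.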
Also ensure that your employees know your limits in terms of which websites they have permission to use and, where computers do not need access to the Internet, do not give them access. It could even be worth considering a policy of no personal devices on the company network to protect your business from unmonitored devices.
Given the government statistics at the start of this article, no business can ever guarantee that it will not suffer a cyber-attack of some sort, but we can all use all of the tools available to us to minimise the likelihood.