{"id":174184,"date":"2023-05-10T13:34:08","date_gmt":"2023-05-10T12:34:08","guid":{"rendered":"http:\/\/realbusiness.co.uk\/?p=174184"},"modified":"2023-05-10T14:38:05","modified_gmt":"2023-05-10T13:38:05","slug":"small-business-guide-cyber-security","status":"publish","type":"post","link":"https:\/\/realbusiness.co.uk\/small-business-guide-cyber-security","title":{"rendered":"Small Business Guide To Cyber Security"},"content":{"rendered":"<div class='booster-block booster-read-block'><\/div><p><strong>When hearing about cyber attacks in the news, SMEs can often be lulled into a false sense of security, because usually it\u2019s large organisation breaches that make headlines. However, this is not a true representation of the facts on the frontline. SMEs are in most cases more vulnerable to cyber attacks than larger organisations.<\/strong><\/p>\n<p><span style=\"font-weight: 400;\">A recent survey conducted by the British Insurance Brokers\u2019 Association (BIBA) found\u00a0<\/span><a href=\"https:\/\/www.biba.org.uk\/press-releases\/manifesto-commitment-to-cyber-risk-cements-cfc-as-bibas-go-to-cyber-insurance-provider-for-uk-brokers\/\"><span style=\"font-weight: 400;\">96% of all cyber-attacks are directed at SMEs<\/span><\/a><span style=\"font-weight: 400;\">. This demonstrates that SMEs are not immune to cyber attacks and could be at imminent risk of one. It\u2019s important that SME leaders consider the financial and reputational risks of not being cyber secure.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Understandably, SMEs often lack the resource and time to invest in robust cyber security measures and end-user training, which is something bad actors are all too aware of. With just <\/span><a href=\"https:\/\/www.gov.uk\/government\/statistics\/cyber-security-breaches-survey-2023\/cyber-security-breaches-survey-2023\"><span style=\"font-weight: 400;\">28% of small and 52% of medium businesses having invested in cyber security awareness training in the last 12 months<\/span><\/a><span style=\"font-weight: 400;\">, it\u2019s a topic that needs addressing, fast.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Cyber security can feel like an overwhelming problem to address because it\u2019s an ever-moving target, threats evolve and change in line with technology. It\u2019s not a one and done scenario, it\u2019s a continuous improvement cycle to stay one step ahead. Overall, it can be a resource intensive task which keeps your employees and leadership teams away from focusing on what matters most.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">However, there are basic boxes to be ticked that will guide you on your journey to becoming cyber secure. Here are our top tips for better cycber security for small businesses:<\/span><\/p>\n<h2><b>Place your Protection<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">It\u2019s key SMEs start with the basics. Think firewalls, malware protection and encryption. All with the same purpose to protect data, systems, and people in your organisation.\u00a0<\/span><\/p>\n<h3><b>So, what is a firewall?<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Network firewalls safeguard your business. They add a layer to your onion of protection against attacks and bad actors. Essentially, they prevent traffic on your networks and employees\u2019 devices from sources that do not meet the security protocols you have implemented.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You should be implementing a firewall with a:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">High performance level, including HTTPS decryption and content inspection<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Zero-day defence<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Phishing prevention with domain name system<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">VPN and remote working capabilities\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Automation<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3><b>Malware protection<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Malware is born from the combination of both malicious and software. If it enters your network, it will navigate your IT systems, copy data, remove backups, and disable access to your applications. It usually finds its way into your systems via malicious email, infected websites or through poorly protected remote access. A zero-day attack that leverages an unknown vulnerability in an operating system or other software are also used as an entry point.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Malware comes in many forms, here are three:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Ransomware \u2013 a process that blocks access to your files and systems via encryption, with financial demands to restore access.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Spyware \u2013 collects information and activity about users and organisations without you knowing it.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Worms \u2013 a threat that spreads itself throughout the network by replicating itself.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">The best way to prevent Malware from entering your businesses networks or devices is via:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Endpoint, Detect, Response (EDR) protection for all servers and endpoints.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Operating system patching and vulnerability management.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Implementing a firewall.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Securing access to your systems for remote workers.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Educating employees to ensure they know what to look out for.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2><b>End user education<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">In most business scenarios less is more always win. But with cyber security there is always room for more. That\u2019s more training to educate your end users on how to spot cyber threats and suspicious activity.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It\u2019s basic, but did you know <\/span><a href=\"https:\/\/www3.weforum.org\/docs\/WEF_The_Global_Risks_Report_2022.pdf\"><span style=\"font-weight: 400;\">95% of breachers are a caused by human error<\/span><\/a><span style=\"font-weight: 400;\">? It\u2019s a quick win you can\u2019t afford to miss.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Go back to security basics, covering training on:<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Creating a strong password. Ensure your employees are using passwords that are 15 characters or more, including letters numbers and symbols. Inform them to stop using pet or family names and use unique passwords for each site or system. Finally, implement mandatory two-factor authentication 2FA and MFA authentication, which are greats ways to add another layer of protection if passwords are compromised.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Spotting phishing emails. Employees should be informed to be wary of suspicious links and attachments. If they are unsure, they shouldn\u2019t click on them. In addition, they should always check the from address, as it\u2019s often a tell-tale sign. They should also check the email for spelling mistakes or minor differences from known senders. Attackers will also employ a sense of urgency; employees should be aware not to act impulsively and check with IT if they are unsure.\u00a0<\/span><\/p>\n<h2><b>A worthwhile investment\u00a0<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Finally, it\u2019s key SMEs don\u2019t overlook preventative measures that can limit or stop these attacks in the first place. While there may be some cost associated with the above measures, it\u2019s a small investment compared to the cost of a breach or attack. When attacked SMEs can be damaged financially and reputationally. Customers can lose confidence and may be at risk themselves, should their data be recovered by attackers.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">SMEs can further boost protection by becoming Cyber Essentials or Cyber Essentials Plus certified. The government-backed scheme ensures that businesses have the right protection in place. Cyber Essentials is commonly asked for from businesses working with public sector organisations and can be required to attain Cyber Insurance to cover you financially in the event of a successful attack.\u00a0<\/span><\/p>\n<h2><b>Cyber security next steps<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Ready, set, secure. Get started on your cyber security journey with free resources from Sharp UK, an award-winning technology partner. <\/span><a href=\"https:\/\/sbsuk.me\/3LNdLir\"><span style=\"font-weight: 400;\">Discover our free resource pack with posters, employee to-do list and a checklist.<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>When hearing about cyber attacks in the news, SMEs can often be lulled into a false sense of security, because usually it\u2019s large organisation breaches that make headlines. However, this is not a true representation of the facts on the frontline. SMEs are in most cases more vulnerable to cyber attacks than larger organisations. A [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":174185,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[8890],"tags":[],"class_list":["post-174184","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business-technology"],"views":1880,"_links":{"self":[{"href":"https:\/\/realbusiness.co.uk\/wp-json\/wp\/v2\/posts\/174184","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/realbusiness.co.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/realbusiness.co.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/realbusiness.co.uk\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/realbusiness.co.uk\/wp-json\/wp\/v2\/comments?post=174184"}],"version-history":[{"count":0,"href":"https:\/\/realbusiness.co.uk\/wp-json\/wp\/v2\/posts\/174184\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/realbusiness.co.uk\/wp-json\/wp\/v2\/media\/174185"}],"wp:attachment":[{"href":"https:\/\/realbusiness.co.uk\/wp-json\/wp\/v2\/media?parent=174184"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/realbusiness.co.uk\/wp-json\/wp\/v2\/categories?post=174184"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/realbusiness.co.uk\/wp-json\/wp\/v2\/tags?post=174184"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}