Cyber Security Advice for Small Organisations

Cyber security needn’t be a daunting challenge for small business owners. Following the five quick and easy steps outlined in the guide below could save time, money and even your business’ reputation. This guide can’t guarantee protection from all types of cyber attack, but the steps outlined below can significantly reduce the chances of your business becoming a victim of cyber crime.

If you want to improve your cyber security further, then you can also seek certification under the Cyber Essentials scheme, which has the benefit of demonstrating to your clients (or prospective clients) that you take the protection of their data seriously.

The advice on these pages follows the UK’s National Cyber Security Centre (NCSC) Small Business Guide, tailored in a small way to reflect the nature of reported cybercrimes in our region.

If you know you want to do something about this now, why not start by generating your own Cyber Action Plan on the NCSC website.

Improving Your Organisation’s Cyber Security

1) Backing up your data

5 things to consider when backing up your data.

Think about how much you rely on your business-critical data, such as customer details, quotes, orders, and payment details. Now imagine how long you would be able to operate without them.

All businesses, regardless of size, should take regular backups of their important data, and make sure that these backups are recent and can be restored. By doing this, you’re ensuring your business can still function following the impact of flood, fire, physical damage or theft. Furthermore, if you have backups of your data that you can quickly recover, you can’t be blackmailed by ransomware attacks.

When our Cybercrime Unit assist organisations in responding to and recovering from an incident, the availability of well-planned and properly created backups often makes the difference between a quick recovery and a protracted, business critical incident lasting weeks or months.

There are 5 things to consider when backing up your data.

  1. Identify what data you need to back up
  2. Keep your backup separate from your computer
  3. Consider the cloud
  4. Read the NCSC
  5. Make backing up part of your everyday business cloud security guidance

Read more about Backing Up Your Data on the NCSC website.

2) Protecting your organisation from malware

Malicious software (also known as ‘malware’) is software or web content that can harm your organisation, such as the recent WannaCry outbreak. The most well-known form of malware is viruses, which are self-copying programs that infect legitimate software.

There are 5 free and easy-to-implement tips that can help prevent malware damaging your organisation.

  1. Install (and turn on) antivirus software
  2. Prevent staff from downloading dodgy apps
  3. Keep all your IT equipment up to date (patching)
  4. Control how USB drives (and memory cards) can be used
  5. Switch on your firewall

Read more about Protecting Your Organisation from Malware on the NCSC website.

3) Keeping your Smartphones and Tablets safe

Mobile technology is now an essential part of modern business, with more of our data being stored on tablets and smartphones. What’s more, these devices are now as powerful as traditional computers, and because they often leave the safety of the office (and home), they need even more protection than ‘desktop’ equipment.

With this in mind, here are 5 quick tips that can help keep your mobile devices (and the information stored on them) secure.

  1. Switch on password protection
  2. Make sure lost or stolen devices can be tracked, locked or wiped
  3. Keep your device up to date
  4. Keep your apps up to date
  5. Don’t connect to unknown Wi-Fi Hotspots

Read more about Keeping Your Smartphones and Tablets Safe on the NCSC website.

4) Using passwords to protect your data

Your laptops, computers, tablets and smartphones will contain a lot of your own business-critical data, the personal information of your customers, and also details of the online accounts that you access. It is essential that this data is available to you, but not available to unauthorised users.

Passwords – when implemented correctly – are a free, easy and effective way to prevent unauthorised users accessing your devices. This section outlines 5 things to keep in mind when using passwords.

  1. Make sure you switch on password protection
  2. Use 2-step verification for ‘important’ accounts
  3. Avoid using predictable passwords
  4. Help your staff cope with ‘password overload’
  5. Change all default passwords

Read more about Using Passwords to Protect Your Data on the NCSC website.

5) Avoiding phishing attacks

In a typical phishing attack, scammers send fake emails to thousands of people, asking for sensitive information (such as bank details), or containing links to bad websites. They might try to trick you into sending money, steal your details to sell on, or they may have political or ideological motives for accessing your organisation’s information.

Phishing emails are getting harder to spot, and some will still get past even the most observant users. Whatever your business, however big or small it is, you will receive phishing attacks at some point. This section contains some easy steps to help you identify the most common phishing attacks, but be aware that there is a limit to what you can expect your users to do.

  1. Configure accounts to reduce the impact of successful attacks
  2. Think about how you operate
  3. Check for the obvious signs of phishing
  4. Report all attacks – internally and to Law Enforcement / the NCSC
  5. Check your digital footprint

Read more about Avoiding Phishing Attacks on the NCSC website.

What to do next – and where to get help

You can download the key actions to take in a handy NCSC Cyber Security Small Business Guide Actions document. Work through these progressively, keeping in mind that each step will significantly improve your security and reduce the changes of a successful attack.

Cyber Resilience Centre for the South-East

If you need assistance in undertaking any of these actions and you are unsure of where to turn, the Cyber-Resilience Centre for the South-East is there to help.

Ensure you train staff of your expectations around reporting suspicious activity or incidents, cybercrime threats and how they can contribute to improving your cyber security. Pitching this for their benefit – such as how to create and manage strong passwords in their own lives – is more likely to result in changes in behaviour which benefit the workplace. The NCSC have a number of free resources including FREE e-learning for staff.