875,000 SMEs across the UK have been affected by a cyber attack over the past 12 months, according to data compiled by Zurich.
Of businesses that were affected by a cyber attack, more than a fifth (21%) reported that it cost them more than £10,000 and one in ten (11%) said that it cost more than £50,000.
Yet, despite the volume of attacks and potential losses, nearly half (49%) of SMEs plan to spend less than £1,000 on cyber security in the next 12 months, leaving them vulnerable to substantial losses.
Don’t take the risk of remaining vulnerable. Here are five steps you can take to shield your small business from cyber attacks.
1) Train staff
The majority of cyber attacks take the form of phishing and spear phishing, where cyber criminals target individuals rather than computer systems.
To this end, training employees in basic security practices – such as how to recognise potential threats and what precautions to take – is a must.
Cyber security is everyone’s responsibility, and research shows that traditional cyber security awareness measures can be greatly enhanced by implementing a security programme that creates a total culture change and tackles employee behaviours.
2) Secure wireless networks
Wireless networks can be easily exploited by cyber attackers.
To prevent this, avoid WEP encryption (which can be cracked in minutes) and use only WPA2, which uses AES-based encryption and provides better security than WPA.
For further protection against brute-force attacks, protect your network with a complex passphrase containing at least 25 characters and including a mix of letters (upper and lower case), numerals and symbols.
Wireless network penetration tests can help you spot the cracks in your network.
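The passphrase advice above can be put into practice with a short script. This is an added example, not part of the original article: the function names are illustrative, and the 8 to 63 printable ASCII character limit is the WPA2-Personal passphrase constraint rather than something the article states.

```python
import math
import secrets
import string

# WPA2-Personal accepts passphrases of 8 to 63 printable ASCII characters.
WPA2_MAX_LEN = 63
MIN_LEN = 25  # the minimum recommended in the article
CLASSES = {
    "lower-case letter": string.ascii_lowercase,
    "upper-case letter": string.ascii_uppercase,
    "numeral": string.digits,
    "symbol": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())

def check_passphrase(passphrase):
    """Return a list of problems; an empty list means the passphrase passes."""
    problems = []
    if len(passphrase) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if len(passphrase) > WPA2_MAX_LEN:
        problems.append(f"longer than the WPA2 limit of {WPA2_MAX_LEN} characters")
    if any(not (32 <= ord(c) <= 126) for c in passphrase):
        problems.append("contains characters outside printable ASCII")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in passphrase):
            problems.append(f"no {name}")
    return problems

def generate_passphrase(length=MIN_LEN):
    """Draw characters from the OS CSPRNG until every class is present."""
    if not MIN_LEN <= length <= WPA2_MAX_LEN:
        raise ValueError(f"length must be between {MIN_LEN} and {WPA2_MAX_LEN}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_passphrase(candidate):
            return candidate

def entropy_bits(length):
    """Upper bound on entropy for a uniformly random passphrase of this length."""
    return length * math.log2(len(ALPHABET))

if __name__ == "__main__":
    print(generate_passphrase(), f"(~{entropy_bits(MIN_LEN):.0f} bits)")
    print(check_passphrase("Summer2024!"))  # constructed weak example
```

Store the generated passphrase in a password manager rather than on a note near the router.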
3) Keep software updated
Up-to-date software will help you guard against the latest threats and keep your infrastructure secure.
Pay attention to any notifications about updates to your operating systems or antivirus software. Ignoring them can leave cracks in your defences.
4) Control access
Administrative access to your systems should only be granted on a need-to-know basis. Keep sensitive data – such as payroll – out of the hands of anyone who doesn’t need it to do their job.
5) Back up data
Small businesses can lose data as well as money in a cyber attack. Conducting regular backups will make sure you can still access your data in the event of a breach or other incident.
Backup services such as Dropbox offer a cost-effective solution, with plans starting from as little as £10 a month.
ISO 27001 and cyber resilience solutions
The only comprehensive solution to the growing threat of cyber attacks is to implement a robust approach that tackles all aspects of information security throughout the organisation.
ISO 27001 provides a proven framework that helps organisations protect their information through effective technology, auditing and testing, organisational processes and staff awareness programmes.
Nearly 30,000 companies have already taken the step to achieve certification to the Standard, enabling them to reap the benefits of an independently audited security posture.