Boss Lady

Is your small business prepared for a cyber attack?


The internet powers so many of our businesses these days, and even those companies that are not defined by their web presence depend on safe, reliable online connections to keep things functioning. Yet so fast has this situation taken hold, and so alien is much of the technology behind it, that small businesses without a dedicated tech person can find themselves in a whole lot of trouble very quickly when things go wrong.

Half of all cyber-attacks are aimed at small businesses, perhaps because such companies have more to lose than individuals, but lower security levels than big businesses. Whatever the cause, if you run a small business with no serious cyber-security in place then you need to consider yourself vulnerable.

Like most areas of security, fixing your cyber-security is a simple issue of establishing good habits and protocol – and making sure that you and your colleagues adhere to it. For example, ensuring that your employees use complex, hard-to-crack passwords and that they change them regularly is a must. Only a quarter of small businesses have a strict password policy – and they’re likely to be the ones that evade cyber-attacks.

Ask your employees to ensure their passwords are at least eight characters long, contain a mix of upper and lower case letters, and at least one number and punctuation mark. They should not match any of their personal passwords, and it doesn’t hurt to encourage your crew to apply similar standards to the passwords they use at home. One of the downsides of the power of the network is that it just takes one misdirected email to bring the house of cards tumbling down. If necessary, you should get cyber training for staff.

If you don’t have a tech manager to stay on top of this, or a password policy seems too formal or unworkable for your set-up, it’s worth using a decent service like LastPass to help you stay on top of things.

Continuing the theme of work and personal networks compromising each other, you really don’t want your staff to use their smart phones for your business – particularly if you’re dealing with sensitive personal data. If you can, provide each employee with a dedicated, passcode-secured work phone, and install an app to remotely wipe the phone in the event of its theft or loss.

Maybe you’ve heard of ransomware: it’s as bad as it sounds. A malicious party hacks your network, and removes or locks up your files so that you can’t access them until you pay up. In the case of sensitive personal data the damage is already done, but you can render the ransoming of other files ineffective just by keeping a secure, offline back-up at all times. These back-ups should be a combination of hard drives on or nearby your premises, as well as further back-ups kept on a remote server. Remembering to maintain these back-ups is one of those security disciplines that may seem like a nuisance, but for which you may one day become eternally grateful.

And ransomware is just one form of cyberattack that will compromise your files. Other forms of malware might feed on your data in order to defraud your business or your clients, to perpetuate the virus itself, or simply out of malice. Decent anti-virus and malware software is not a luxury: scrimping in this area is a false economy. Check every new computer that comes into the office, and have steps in place to ensure that external hard drives and USB pegs are scanned when plugged into your network.

Your human network is also a vulnerability! So far, of course, we don’t have stories about DNA being infected with malware, but the structure of your team and each individual player come with their own potential flaws. For example, there’s no point in giving full access to every member of your team. It is not a question of personal trust so much as tight security: only those employees who need access to certain machines, databases or software applications should have them. Every team member should receive basic cyber-security training, and those with admin clearance should be particularly well-informed. What’s more, they should know that cyber-security is their responsibility.

That means teaching your staff about practices such as ‘phishing’, in which fake emails purporting to be from a known agent are mistaken for the real thing, prompting the sharing of sensitive data. These can be pretty convincing, and some people have even been known to give out bank details thinking that they were providing them to the boss or someone else with clearance. This kind of thing makes up nearly half of all business cyber-attacks. Staff should check incoming messages twice to ensure they come from whom they claim to come from, and have them checked by a second party before sensitive information is sent in a reply. Links in phishing emails are also likely to be harmful.

Other than that, it’s mostly about making sure your systems don’t contain inherent vulnerabilities. Old operating systems and plug-ins can slip under the radar of the newer security packages you have installed, and indeed this is how many attacks happen. It’s a particular pain because this is all bound up in planned obsolescence and the mindless forward-drive of our digital environments – but rather than complain about it, the only thing to do is to keep informed about what’s going on and to look out for warnings and alerts about vulnerabilities in your system. Keep your databases and emails encrypted, and you stand a better chance of emerging from an attack relatively unscathed.

Digital networks aren’t going to go away. Used in an engaged, creative and responsible manner, they offer your business all sorts of exciting new tools to grow and succeed. Like any tool or technique, treating them with respect and applying a disciplined approach to continuous learning and development will pay off in the long run – and save you from any nasty surprises. You can get started today by working through this excellent new guide to cyber-attack security from Headway Capital, and sharing it with your colleagues at work.

About John Cole

John writes on behalf of NeoMam Studios. A digital nomad specializing in leadership, digital media, and personal growth topics, his passions include world cinema and biscuits. A native Englishman, he is always on the move, but can most commonly be spotted in the UK, Norway, and the Balkans.

Recommended for you

What Do You Think?

Your email address will not be published. Required fields are marked *