Cyber threats: protecting your business from internet attacks

The way the internet has permeated every aspect of business has brought significant opportunities and efficiencies, but it has also brought risks. Here are some of the key ways that you can protect your business against cyber threats...

A recent Government survey found that a quarter of all businesses detected at least one cyber security breach in the last 12 months, the most common being viruses, spyware or malware (68%), and breaches involving impersonation of the organisation (32%). The average estimated cost was £3,480 per breach, but in some cases an attack can be disastrous.

Cyber essentials

To help businesses protect themselves from common internet-based threats, the Government has developed the industry-backed scheme ‘Cyber Essentials’. Guidance aimed at small businesses recommends two initial ways that firms should tackle cyber security: getting the basics right, and adopting a risk management approach.

Cyber security: the basics

As an initial step, make sure you implement these simple protections and behaviours:

  1. Download software updates – Download software and app updates as soon as they appear on your devices and computers.
  2. Use stronger passwords – One tip for creating a strong password is to combine three random words to create a password that is both memorable and hard to guess (e.g. ‘greenstarbulb’), as well as mixing upper and lower case letters, numbers and symbols.
  3. Always delete suspicious emails – If in doubt, just delete unusual or suspicious emails, particularly requests for information or messages asking you to click on a link.
  4. Use anti-virus software – Make sure you install anti-virus software on all your devices, including mobiles, and keep it up-to-date.
  5. Train your staff – Provide full information for your staff regarding cyber security threats and how to deal with them.

A risk management approach

The risk management approach to cyber security comprises four key steps:

  1. Understanding the risks – Consider what is at stake if you suffer a breach: money and IT equipment, information (from client details to trade secrets), and even your reputation. Think also about who poses the risk – malicious hackers and criminals, but also accidental security failures by employees – and about what forms a breach could take, whether it be malware sent by email or the physical loss of a laptop. What could be the potential damage to your business?
  2. Planning – Ask questions such as: which information assets are critical to your business and what risks could they be exposed to? How could you continue to operate if your systems were attacked? What legal and compliance obligations does your business have?
  3. Implementing – This involves putting in place security controls to protect your equipment, information, IT systems and outsourced IT services, and explaining responsibilities and best practice to staff.
  4. Reviewing – Create processes for routinely reviewing the effectiveness of your controls and keeping up-to-date with information about the latest threats.