This year has seen businesses and organisations globally, from the NHS to Equifax, hit by hackers. The scale of these companies shows nobody is safe, and if the larger businesses, with their teams of cybersecurity experts, are falling victim, what chance do smaller businesses have?
Research by the Department for Digital, Culture, Media and Sport (DCMS) found 45% of all micro or small businesses have been the victim of a breach or attack over the past year. Just last month, the technical director for the National Cyber Security Centre (NCSC), a part of GCHQ, warned about the possibility for an unprecedented cyberattack within the coming years.
Now, the NCSC has released a guide for such small businesses giving practical advice on how to protect themselves.
"Cyber security can feel daunting for a small business, which is why we've made the UK's most easy-to-access guide to help them thrive online," said Alison Whitney from the National Cyber Security Centre.
"Protecting against malware, backing up data and avoiding phishing attacks should be as second nature to a small firm as cashing up or locking the doors at night. Whether you own a bakery, a building firm or you sell products online, our advice will help all business owners avoid threats that can cost time, money and reputation."
How to keep your business safe from hackers
Back up
The first piece of advice given in the guide is to back up your data in a separate place from your computer. This could be in a physically separate place, like a USB kept in another building, or in the cloud. The NCSC guidelines say to do this every day.
Malware
The second piece of advice is protecting your organisation from malware using antivirus software and avoiding dodgy apps. Another way to stay away from malware is to keep your software up to date, and control how many people use USB sticks.
Phones and tablets
Cyber security is not only about laptops and computers. The NCSC guidelines provide five steps to protect your phones and computers, including password protection, tracking if the phone is stolen, updating security software and apps, and not connecting to unknown WiFi.
Passwords
It might sound obvious, but password protection is the first step in preventing a cyberattack. Two-factor authentication should be used whenever possible, and people should avoid using default passwords or predictable ones.
Phishing
One of the most common kinds of attacks is phishing, where someone sends an email or text with a disguised link, in an attempt to get the person to click bad links or share their personal information. To avoid phishing attacks, business owners can configure accounts, make sure staff understand what kind of requests they are likely to receive, keep an eye out for obvious signs and report when attacks happen.
More detailed advice can be found in the full version of the guide.
All of this advice is not necessarily going to prevent every kind of attack, but it is a good place to start. One thing is for sure, cyberattacks will not be going away any time soon.
"Cyber crime is one of the fastest growing risks to small businesses and support to tackle it is essential," said Mike Cherry, national c hairman at the Federation of Small Businesses (FSB).
"FSB research shows cyber attacks on small businesses now cost the economy over 5bn a year. Without the time, resources and in-house expertise, it can be challenging to know the best, and even most basic, steps of defence.
"Clear guidance is an important part of increasing the cyber resilience of the small business community, and we hope to see all future information consolidated in one place so that small firms know exactly where to turn for the most up-to-date cyber security advice."
