Chief Underwriting Officer
How can cyber security be improved in your business?
Cyber-attacks have risen by more than 50% in the last three years, as cyber criminals become increasingly sophisticated, and businesses fail to keep pace.
Regular high-profile attacks, along with the introduction of the GDPR, mean that awareness of cyber and data threats is definitely on the up. However, while it’s big brands that hit the headlines, it’s often small and medium-sized businesses that slip through the net, due to a lack of knowledge and resources to protect themselves adequately.
The latest government survey found that only a quarter (26%) of micro and small businesses have a formal cyber security policy, while just 19% have done cyber security training with staff. Most businesses know they should be doing more, however, when you’re short on time and budget, it can understandably be difficult to know where to focus your efforts.
Here are eight simple ways that you can improve cyber security in your business:
1. Do a risk analysis: You can’t identify the cyber precautions you need to take until you know what’s at stake. Undertaking a risk analysis enables you to identify the data you hold that is most vulnerable, and valuable, as well as what the biggest cyber threats are. For more on how to do this, consult our blog on creating a cyber risk management framework.
2. Get the basics in place: At the very least, you should have a properly configured firewall, along with anti-malware and anti-virus software, installed on all your computers and devices. Our rundown of the must-have cyber security tools can help with other tech investments you should consider.
3. Update your systems regularly: Failure to update your systems and software can leave gaping holes in your defences. Remember the WannaCry ransomware attack that hit more than 200,000 computers in 2017? Well, it could have been avoided if all those using the compromised Windows software had downloaded a patch released by Microsoft a few months before. So, never ignore available updates – they’re there for a reason.
4. Use a password manager: We know, we know, not that old chestnut. But it seems that many of us never learn. Recent research found that even though 91% of people know that using the same password for multiple accounts is a security risk, 59% still use the same passwords across multiple accounts. Go figure! Of course, remembering passwords is a pain, but if you have a password manager, it will do the hard work for you. So, make them mandatory in your business.
5. Keep an eye on your supply chain: Suppliers often have privileged access to your systems and data and, if they don’t have the same security standards that you do, that can leave you vulnerable. A study from CrowdStrike found that two-thirds of organisations experienced a supply-chain attack in the past 12 months, so always set contractual security requirements for your suppliers and carry out regular checks if need be. More on this here.
6. Protect all mobile devices: Lost or stolen mobile devices can give cyber criminals an easy entry point to your systems, so any sensitive information on these needs to be protected at all times. Ensure all phones, laptops and tablets are password-protected with strong and complex passwords, fingerprint, or facial recognition technology. They should also be encrypted (this is easy to do from the security settings) and have mobile security software installed.
7. Communication and training: Human error is the single biggest reason that cyber security breaches happen, so getting your people on board is vital. Start with a cyber security policy, outlining key processes and procedures, relating to handling sensitive information, password security, the use of personal devices and response plans. You should also carry out training around cyber issues at least every 12 months.
8. Response plan: You can do everything in your power to avoid being hit, but sometimes those hackers are too clever. That’s when you need a response plan to manage the fallout, and minimise any reputational and financial damage. This should cover your legal response, how you’ll handle any media enquiries, finding out what happened and informing customers. If you buy cyber insurance through Superscript, this is all included – just so you know!
If you’ve already got all these covered then congratulations - your business is in pretty good cyber shape. However, if you feel like there are a few (or even numerous) areas where you could do better, then it’s time to get those gaps plugged… before the cyber criminals take advantage.
- Cyber security risk management framework.
- Ultimate guide to cyber security
- How can you get the whole business behind cyber security?
- How to protect your business against cyber crime
- Must-have cyber security tools
- The evolving challenge of protecting against cyber risks
- What can start-ups learn fromthe Pokemon GO cyber attack?