A small business guide to cyber security

Ben Rose
Chief Underwriting Officer
08 August 2016
3 minute read

After witnessing the fall-out of high profile data breaches, such as Ashley Madison and Talk Talk, the issue has been brought to the forefront of the world's attention. And while it might be the big brands that hit the headlines, it isn't just large organisations who are targets of these kinds of attacks.

There was a time small businesses were at a lower risk, with most of their data held on their premises and with security gateways firmly controlled. But things have now changed, with the introduction of cloud services along with increasingly sophisticated cyber criminals and malware, meaning no one is safe.

Superscript is often challenged by founders of small businesses as to why they should be concerned about cybersecurity, assuming their operations are either too small or their data is not theft-worthy. Unfortunately, that couldn't be more wrong.

So what exactly makes you a target?

Why small businesses should care about cybersecurity

You're too busy and hackers know it

Running a small business can be stressful. With long days and sleepless nights, who has time to think about data security? Let's face it, you have a lot on your plate and you haven't spent much time making sure you're protected.

Unlike large organisations who have the budget to hire an entire law and compliance department, you probably don't have any dedicated legal expertise internally. As a result, you may be overlooking your responsibilities around handling data.

Your data grows with you

It can be easy to lose track of the amount of data you've generated over time. Your customer database may have been small in the early stages but before you know it, you've met over a thousand potential clients and your CRM is full to capacity.

Leaky internet

Chances are you have freelancers or remote workers accessing your systems from a local coffee shop or a co-working space. If that's the case and there's no secure Wi-Fi connection, hackers can easily steal your data.

Your data is an entry point to the big guys

It's a common misconception that hackers won't be interested in attacking a business with little money or data. And while they probably don't care about the £80 order you took yesterday, your unprotected systems could give them a 'back door' into larger clients or suppliers, which is exactly what they're after.

Every website is a target

Hackers have a lot of time on their hands to spend trawling the internet in search of websites with vulnerabilities. If your VPS (Virtual Private Server) is compromised it can be used to fire out thousands of spam email, potentially blacklisting your IP address and costing thousands to repair. Check out this real-time hacking map to give you an idea of the number of attacks happening right now.

What next?

Now you understand how and why you may be vulnerable, it's time to be proactive and take the appropriate measures to protect your business.

  1. Install security software on your company website and keep all its scripts up to date
  2. Clear your cookies on a regular basis
  3. Educate employees on the value of cyber security and the importance of reporting anything suspicious
  4. Encrypt your smartphone
  5. Use a different password for each site that you use, using a password manager to maximise security
  6. Get a virtual private network that can protect multiple devices
  7. Avoid clicking links found in suspicious emails, even from business contacts
  8. Ensure employees aren't accessing sensitive data whilst connected to public Wi-Fi networks.
  9. Never save passwords and credit card details in your browser
  10. And last but definitely not least, have cyber insurance cover in place

Unfortunately, even with these prevention methods, you are never completely safe and all businesses, large and small, must now accept that cyber-attacks are inevitable. A data breach can cause extreme financial and reputational damage, that could even be the downfall of a start-up or small business.

The Information Commissioner's Office can impose a penalty of up to £500,000 if your business fails to comply with the Data Protection Act and, from the consumer perspective, data breach incidents are also a violation of their trust and privacy. That's why our cyber liability insurance covers you for any fines or penalties, extortion, system rectification costs, PR expenses and financial loss from downtime, following the event of a data breach.

It's only a matter of time before you're a target, so be prepared. Click here for a quote today!

5 Password tips for better SME security

Share this article

We've made buying insurance simple. Get started.

Related posts