Protecting your small business' data

Cyber security and the steps you can take to protect your business

A common misconception is that cyber attacks only happen to big companies, but hackers target small and medium businesses too. Attacks get more sophisticated every year - staying prepared is key. Here are some steps you can take to protect your business.

What’s coming?

The next few years will likely bring more complex threats that small businesses need to look out for. Attacks and data breaches are growing in number and impact. These aren't just nuisance issues. A cyber attack can:

• disrupt your business
• cause huge losses
• harm your reputation.

You might see more cyber security tools using AI. AI can pick up unusual behaviour, like suspicious logins. This can help catch attacks before they go too far. The good news is this tech is getting cheaper and many budget options are now available for small businesses.

Many businesses are moving towards the use of ‘zero trust’ models. This means not automatically trusting anyone who logs into your network, even staff. The idea is that every user and device must be verified to keep your data safe. This might sound high-tech, but even small businesses can make use of this idea to improve security.

On the legal front, data protection rules will keep evolving. The UK General Data Protection Regulation (GDPR) is a key law for UK businesses. It makes firms protect personal data. Complying is essential to prevent fines and build customer trust. It's a win-win.

Practical ways to protect your business

Cyber security is technical, but it can be manageable and affordable. Here’s a few practical steps you can take to get started.

• Strong passwords are an easy first step. Passwords should be complex, difficult to guess and never repeated. Using a password manager can help your team to create and securely store strong passwords. You can also consider using Multifactor Authentication to make logging in more secure.
• Get the right tools. Antivirus software and VPNs (virtual private networks) are simple but powerful. They detect and stop threats like viruses and malware. For businesses with remote workers, VPNs are helpful tools. They add security when your team access company info outside of work. For example, on public Wi-Fi at a coffee shop or home networks.
• Train your team. Your staff can be your first line of defence, or they could be your weakest link. 90% of data breaches start with phishing¹. Training doesn’t have to be complex. It can be as simple as showing your team how to spot phishing emails. They should be cautious with links and attachments. Some companies even run phishing simulations to test staff awareness. One session can greatly reduce the risk of an attack from an accidental click.
• Have clear security policies. It's a good idea to set simple cyber security rules. For example, outline the use of company devices and set guidelines for remote work security. A policy might include basics like updating software and reporting anything suspicious.
• Stay compliant and protect data. Following the UK GDPR is a legal and practical step. It shows that you know how to handle customer data. You must secure it and have a breach response plan. Regular audits will help you keep up with changing rules. A legal expert can ensure nothing slips through the cracks.

Why cyber security matters

Why go to all this trouble? The reality is that the effects of a cyber attack can be huge. Small and medium businesses are usually less prepared to deal with an attack and take on average 200 days to identify an attack, and a further 70 days to contain it². For 1 in 5 companies, the impact will be enough to threaten the viability of the business³. You might also lose customer trust, which can take years to rebuild. This is a risk beyond financial loss.

Many insurance policies now want you to have cyber security in place. Insurers can ask for proof of your cyber security measures, and they might need to see it before covering losses from a cyber attack.

Start today

Small steps can make all the difference. Set up an antivirus. Train your team. Bring in a data protection policy. Update your approach as you learn more about cyber security. This’ll help you to be proactive and protect your business.

¹2024-cofense-annual-state-of-email-security-report.pdf

²https://www.ibm.com/reports/data-breach

³https://www.hiscox.co.uk/sites/default/files/documents/2023-10/Cyber-Readiness-Report-2023-UK.pdf