Cymraeg

Five cyber security tips that could save your small business

Many small businesses make the mistake of assuming that they are not at risk from cybercrime. This is usually due to the fact that they believe their size means it is unlikely they would be a target for cyber criminals. While it may be true that hackers more readily hit the headlines for their crimes against enterprises, it is also the case that they very regularly target small businesses too, seeing them as an easier target or entry point to attack larger organisations.

If you own a small company, you need to take the threat of hacking very seriously, as more than 66 per cent of businesses would not be equipped to recover from a cyber-attack. So, here are five security tips that could save your small business from cybercrime.

1. Provide training to your staff

With the risk of cyber attacks consistently on the rise for businesses of all sizes, ensuring that your business is well placed to prevent, detect and respond to cyberattacks is only possible if you have staff who possess a good understanding of security risks, and the latest threat actors. Education and training can help staff to set strong passwords as well as recognise common cybercrime tactics such as phishing.

Staff working from home and using personal devices to access business files and emails can only increase your business’ cyber risk. If this is the case, it is essential that employees follow the correct security procedures, even when they are away from the office.

If your business is expanding rapidly, remember that new members of staff will need training, so make sure that you schedule regular sessions. This will help to ensure that everyone within your company understands their responsibility and follows best practice.

2. Create a culture of cyber security

The purpose of training is to create a cyber security-conscious company culture. And of course, while training is important, it is also essential that it should be put into practice. Creating a strong security culture has to start with those in management positions in order to set a good example for others.

Considering cyber security issues when undertaking new projects, including the development of new products and services, can help you to protect your employees, customers and partners, as well as avoid problems down the line.

3. Protect against insider attacks

Training staff about external threats is a key way to minimise the risk of attacks, but don’t forget that those same staff can present a risk in themselves. It was recently revealed that the number of employees stealing confidential data is on the increase –official figures regarding UK High Court cases saw the number of employees stealing data increased 25 per cent in a year.

Having policies and procedures in place to ensure that employees only have the minimum level of system access required to perform their roles can help to limit accidental and malicious damage to your company.

4. Get the basics right

When it comes to good cyber security practices, it can often be the case that small businesses can put all the right strategies in place but then come undone by a failure to act upon something routine. A key example of this is in keeping software and systems up to date. When systems are not updated they become vulnerable to attack – so ensure that your IT team understands the importance of regular patching and as well as other processes fundamental to core cyber hygiene.

5. Outsource for expertise

Every business that has any kind of online presence or external facing system is in need of cyber security expertise. Unfortunately, however, there is currently a shortage of cyber security professionals with the skills and qualifications necessary to fill the number of positions available. This is especially problematic for small companies, as it means hiring cyber security professionals can be difficult and expensive.

One way to overcome this problem is to work with a professional provider of managed security services. MSSPs specialise in in providing security advice to businesses of all sizes and offer services including penetration testing to identify weaknesses and vulnerabilities within systems, as well as around-the-clock network security monitoring.

Mike James is a cybersecurity professional and author

In partnership with