Do your employees know how to reduce the risk of a cyber attack?

Cyber Aware is the Government's behaviour change campaign to encourage individuals and businesses to adopt simple, secure online behaviours to protect themselves from cyber criminals. This free advice for businesses is based on the expertise of the National Cyber Security Centre, part of GCHQ. Full detailed guidance can be found in the Small Business Guide here: www.cyberaware.gov.uk/protect-your-business

Despite the perception in the media, it's not just large global companies that are at risk of a cyber attack or data breach. In fact, the recent Government's Cyber Security Breaches survey revealed that a third (32%) of micro and small businesses identified one breach or attack in the last 12 months, so staying secure online should be a priority for businesses of all types.

Many small businesses store a significant amount of consumer personal information. Businesses with lots of data and poor cyber security present an easy opportunity for hackers to retrieve valuable personal information in bulk. Yet although many businesses recognise the threat of cyber attacks, many remain complacent - only planning to deal with an attack as and when it happens. This is counter-intuitive.  Picture your business falling victim to a cyber attack and imagine having to phone your customers or suppliers to tell them you have lost their personal data. You could lose hours trying to get your devices and website back online, you may suffer damage to your business's reputation or even face a fine under the GDPR laws.

Small and medium sized businesses must be on the front foot in preparing and defending themselves from cyber crime, but often it can seem hard to know where to start. The good news is there is a wide range of free guidance and support offering quick and practical steps to protect your business online.

Start with your employees and take action to enable them to protect themselves and your business. There are a number of important habits your business and its employees can adopt to create a strong culture of cyber security and prevent becoming a victim of cyber crime.

Email accounts - a hub of information 

For most businesses, email will be the most used form of communication - with clients, suppliers and even between colleagues. An employee's email account contains a wealth of information. This may include client bank details, supplier and customer addresses, confidential internal emails and much more.  We get our business valued, but have you ever considered the value of your employees' email inboxes? If your business suffered a hack or your employees were locked out of their email accounts, the fallout would likely be both financial and reputational loss.

Cyber Aware's recent research shows 27% of respondents from all age groups reuse their email password across multiple accounts. This means if a hacker gains access to one account, they may be able to gain access to a number of accounts holding important information. You should encourage your employees to create strong and separate passwords for their email accounts. By doing this, employees can reduce the risk of a hacker gaining access to a number of accounts, reducing the potential damage to the business.

Other useful tips to share with employees include using three random words to create a strong password, and where available, enabling two-factor authentication on their email account. Two-factor authentication has become ever more important as hackers and cyber criminals have become more advanced in their password hacking. When employees log in, having two steps of authentication, such as providing a fingerprint or entering a unique code which has been sent to their phone, gives their most important accounts an extra layer of security - protecting employees personal information and your businesses data.

Your employees will receive hundreds of emails each day. With this volume of messages it is important all members of staff remain suspicious of emails or attachments that don't look right. Remind employees that even if a suspicious email comes from a company or person they know, it is best to contact them by other means to check the message is genuine. An email address can be faked and attachments may contain viruses or malware.

Install the latest software and app updates

As businesses become more digitised, an increasing amount of consumer data is being stored on a range of electronic devices, all of which will require software and app updates.

In a post-GDPR world, all businesses have a legal responsibility to protect personal data wherever it is being stored.  Software updates can be negatively perceived as employees and businesses fear they are going to change the system and design. It's important for businesses to remember that updates can bring new features and most importantly fix weaknesses in the existing software that are exploited by hackers. Recent research from Cyber Aware and Anglia Ruskin University revealed that 47% of UK adults delay installing updates, so it's likely a few people working at your business are procrastinating on this task too.

Installing the latest software and app updates doesn't have to become another task on the team to-do list. Employees can choose to install updates overnight when they leave the workplace if their devices are plugged in. Even better, encourage all staff to set mobiles, tablets, laptops and desktops to automatically install any available updates when connected to Wi-Fi.

Back up your most important data

If hackers do successfully gain access to your business's data they could steal your files and data and demand payment for their return. Data can be stolen, edited, deleted or corrupted when hackers gain access. By regularly backing up your business's most important data, you can protect yourself against further financial loss by hackers threatening to misuse the data. To protect it, back up company data to an external hard drive or cloud-based storage system. This not only protects important data from being lost but also reduces the potential damage to the business if devices were to become infected by a virus or malicious software.

Staying secure online might feel like a daunting business challenge, but it doesn't need to be.  By fostering a workplace culture that prioritises cyber security and encourages employees to adopt simple but effective cyber security habits, your business can protect itself online.

For more cyber security guidance and detailed versions of the tips above, you can download the free Small Business Guide from the Cyber Aware website to help guard against the most common cyber threats.