With small businesses accounting for 43% of all cyber-attacks annually and the growing need for businesses to work with digital devices, it’s critical that prevention methods are put in place to protect a business’s purse strings, customer data and reputation.
At The South East Cyber Resilience Centre, we are often told that SMEs find the thought of cyber security a daunting and overwhelming challenge. As part of our remit, we help SMEs break through knowledge and skill barriers by providing free resources, tools and guidance that is easy-to-follow regardless of your cyber security experience and knowledge.
We work closely with The National Cyber Security Centre (NCSC) who are the UK Government’s arm for cyber security. A resource developed by the NCSC specifically for the small business community is their Small Business Guide.
The Small Business Guide has been split into five key areas and contain easy steps that could save time, money and even your business’ reputation if followed. The guide can’t guarantee protection from all types of cyber-attack, but the steps outlined below can significantly reduce the chances of your business becoming a victim of cybercrime.
Over the coming weeks, we are going to take a look at each area of the Small Business Guide to help highlight the steps to take in each area and how they can support your business in the fight against cybercrime.
First up, the importance of backing up your data
Think about how much you rely on your business-critical data, such as customer details, quotes, orders, and payment details. Now imagine how long you would be able to operate without them.
All businesses, regardless of size, should take regular backups of their important data, and make sure that these backups are recent and can be restored. By doing this, you're ensuring your business can still function following the impact of flood, fire, physical damage or theft. Furthermore, if you have backups of your data that you can quickly recover, you can't be blackmailed by ransomware attacks.
Here are 5 things to consider when backing up your data:
1- Identify what data you need to back up Your first step is to identify your essential data. That is, the information that your business couldn't function without. Normally this will comprise documents, photos, emails, contacts, and calendars, most of which are kept in just a few common folders on your computer, phone, tablet or network.
2 - Keep your backup separate from your computer Whether it's on a USB stick, on a separate drive or a separate computer, access to data backups should be restricted so that they:
are not accessible by staff
are not permanently connected (either physically or over a local network) to the device holding the original copy. Ransomware (and other malware) can often move to attached storage automatically, which means any such backup could also be infected, leaving you with no backup to recover from. For more resilience, you should consider storing your backups in a different location, so fire or theft won't result in you losing both copies. Cloud storage solutions are a cost-effective and efficient way of achieving this.
3 - Consider the cloud
You've probably already used cloud storage during your everyday work and personal life without even knowing - unless you're running your own email server, your emails are already stored 'in the cloud'.
Using cloud storage (where a service provider stores your data on their infrastructure) means your data is physically separate from your location. You'll also benefit from a high level of availability. Service providers can supply your organisation with data storage and web services without you needing to invest in expensive hardware up front. Most providers offer a limited amount of storage space for free, and larger storage capacity for minimal costs to small businesses.
4- Read the NCSC’s cloud security guidance
Not all service providers are the same, but the market is reasonably mature and most providers have good security practices built-in. By handing over significant parts of your IT services to a service provider, you'll benefit from specialist expertise that smaller organisations would perhaps struggle to justify in terms of cost.
However, before contacting service providers, we encourage you to read the NCSC's Cloud Security Guidance. This guidance will help you decide what to look for when evaluating their services, and what they can offer.
5 – Make backing up your data a part of your everyday
We know that backing up is not a very interesting thing to do (and there will always be more important tasks that you feel should take priority), but the majority of network or cloud storage solutions now allow you to make backups automatically. For instance, when new files of a certain type are saved to specified folders. Using automated backups not only saves time, but also ensures that you have the latest version of your files should you need them.
Many off-the-shelf backup solutions are easy to set up, and are affordable considering the business-critical protection they offer. When choosing a solution, you'll also have to consider how much data you need to back up, and how quickly you need to be able to access the data following any incident.
How does The South East Cyber Resilience Centre work with SME's to tackle the threat posed by cybercrime?
We provide many free resources designed to improve your #online security, from checklists to Incident Response templates, there's something for everyone. Get yours today and receive our FREE welcome pack here https://www.secrc.police.uk/free-information-pack
We hope this will be useful for you but if you have any further questions or would like to know how we can help your business, please get in touch.