By Mark Brown, Founder of Psybersafe
The online business world is becoming less and less safe. We’ve all read stories in the news about large corporations being hacked and having their data compromised or stolen – and these are just the stories that make headlines. Small companies are even more at risk but don’t grab the attention in the same way.
Unfortunately, a common factor in many of the cases that hit the headlines is that criminals are able to access a company’s systems through employee errors – someone inadvertently clicking on a bad link in an email, for example, or using a weak password that can be exploited. A staggering 90% of cyber security breaches are caused by human error, so education and training are as important as firewall and cyber security technology.
How could a cyber attack affect your business?
For a finance organization, cyber security should be a top priority – the risks are high and the consequences great if you are dealing with a lot of sensitive personal and financial data.
The most common impacts of a cyber security breach on a small business range from reputational damage right through to legal and civil claims for data loss or privacy issues. For small businesses, these impacts can be difficult to recover from, and there’s a real risk that if your business is attacked by cyber criminals, it may not survive.
What steps can you take to keep your business safe?
Whilst ensuring you have up-to-date antivirus and anti-malware software, effective firewalls and data back-ups, do not overlook what could be your best line of defence – decent cyber security training for your employees. Ensuring that you involve your staff in your company’s cyber security is the best way to protect yourself and your business. It’s not difficult to make sure you have regular communication with your team about cyber security and run regular training updates. You can do this in daily team meetings or weekly all-business emails. Make sure that people get into the habit of checking everything and assuming nothing. If you’re technically savvy you can have a message pop up every time someone logs into your system, for example.
Even in their personal lives, your employees need to be careful about oversharing data that might compromise them. As a responsible employer, you need to remind them to practice good digital citizenship and that includes:
According to the National Cyber Security Centre (NCSC), the top two passwords still used by people to keep data safe are 123456 and 123456789. This is despite IT departments, security specialists and cyber trainers emphasising the importance of a strong password. Any password used by you or your employees needs to be long and unique if it is to keep out someone determined to get in. So a strong password needs to be at least 15 characters, with a mix of letters, numbers and special characters. Use a password manager app to keep passwords secure – you then only have to remember one long, strong password.
Employees need training to help them avoid clicking on dangerous links in a text message or email, even if they look like they are from a friend or colleague – this is how cyber criminals steal information. It is safer to go through your browser or app directly to check if the link is real, for example. Hackers are becoming more and more sophisticated, so it is important to double-check any link or attachment, every time.
Other safety measures
- Ensure that everyone understands why they shouldn’t share any personal details – in posts or in images. That includes names, address, postcode, school, workplace, date of birth, phone number or contact details. These are all useful to would-be hackers.
- Keep devices locked when you’re not using them. When you step away from your laptop or PC, even just to grab a cup of coffee, lock or close it. It’s a small effort, but make it a habit. Your phone or tablet probably locks itself after a minute or two, but make sure it does, and don’t leave it lying unattended. It can take just seconds to steal your information.
At the top of this article, we said that 90% of successful cyberattacks are the result of human error. Now is the time to make sure your people are trained to be aware of the risks, know how to mitigate them and engage in the positive behaviours that protect themselves and your organisation in the long term.