Why You Should Be Scared Of Cyber Criminals
Cyber security is often overlooked by SMEs, but is now more important than ever. In 2014, 60% of small businesses were compromised by a cyber attack. So far this year, 74% of small businesses have been compromised. It’s important to be aware of the types of attacks out there and how to notice them early.
Cyber attacks can take a wide variety of forms and have been present almost as long as computers themselves. Cyber attacks are more common than ever; it is now easier for a criminal to make money through targeting the IT infrastructure of small businesses than through robbing a corner shop, for example. Part of the attraction to cybercrime is because it poses less risk to the criminal, mainly due to the collective ignorance of many corporations today.
The most common attacks are simple computer viruses – these are bad files, often masked as harmless files, that find their way onto your computer. Once on your computer, they can be used to steal your data, passwords and personal information.
The other kind of attack is one conducted by a cybercriminal. Most commonly, they will try and crack your password, gaining access to an account that stores your personally identifiable information and credit card details. They can then use this information to empty your bank account or engage in fraudulent activity.
Make sure your small business is protected.
Get antivirus software.
Antivirus software works by checking the files on your computer against a known list of harmful files. If there’s a match, the software highlights the bad file and prompts you to remove it from your computer. Harmful files are created every day, so it’s important to update your antivirus software whenever possible so it can keep up with the ever-growing list of harmful files.
Free antivirus software, like McAfee and AVG, is sufficient enough at catching most viruses. Paid versions, like Norton or Trend Micro, offer more features like regular background scans and protection while browsing the web. They’re definitely worth the investment, but if not, it’s essential to have some form of antivirus on your computer, so opt for a free version.
After installing your antivirus software, the first thing to do is close all programs and perform a full system scan. This will take a while, but it means every single file on your computer will be checked for viruses. Afterwards a quick scan every week should suffice. You likely won’t have to remember to perform quick scans, as most antivirus software performs them automatically.
You used to be well-protected by only having antivirus software installed on your computer. Unfortunately, as cybercriminals have become more numerous and their methods more complicated, antivirus software alone is no longer enough, and should instead be considered part of the solution to a much larger problem.
Turn firewalls on.
Firewalls check the data passing to and from your computer. If any data seems harmful, the firewall stops it and flags up an error message. Just like antivirus software, firewalls must be updated regularly so they can recognise harmful data when they see it. Firewalls are pretty common and you probably have one activated already. For example, for those of you running Windows, Windows Firewall is turned on by default.
Install software updates as soon as they are available.
Software updates are available all the time. Sometimes, software developers discover a hole in their software that can be exploited by cybercriminals, so they release an update to help patch up this hole. Whenever you’re prompted to update, don’t close the notification and carry on with your work, because you may leave yourself prone to an attack.
More companies are turning to automatic updates, to prevent users of their software being targeted because they haven’t updated to the latest version. Google’s web browser, Chrome, has supported automatic updates since it was introduced. Perhaps the biggest example of software with automatic updates is Microsoft’s new operating system, Windows 10. Alongside providing Windows 10 users with the latest features and utilities, the aim is to also provide protection against any new cybersecurity threats that arise.
Use difficult passwords.
Contrary to popular belief, passwords are still an effective way of keeping cybercriminals at bay. You may imagine a cybercriminal living in a basement, surrounded by whirring supercomputers and typing away at a keyboard, masterfully creating the next big computer virus that is going to take down a large corporation. In actual fact, the simplest cyber attack is cracking someone else’s password, because a password can be used to steal a company’s data just as easily as with a complicated hack.
The first thing to do is change default passwords on everything, like your WiFi router or WordPress website. If you’ve ever forgotten your password and been assigned a new one in an email, change this too.
Then, make a unique password for each service you use. This can seem a daunting task, because you probably have over 20 services you use regularly, but think about this: if you use the same password for everything, it takes just one of these services to be hacked and your password is stolen before a cybercriminal has access to all of your accounts — Facebook, email, online banking, everything. Some of these accounts may store your customers’ personally identifiable information, like their names, dates of birth, addresses and credit card details. A cybercriminal can use this information for fraudulent activity or theft.
Your company would be liable for this and have potentially breached the Data Protection Act, for which the maximum fine is £500,000. Needless to say, most small businesses wouldn’t be able to afford this.
Perform regular backups of data and store it offline, on a physical hard drive or USB stick.
Not backing up your data can spell disaster for your company. Lost files, databases and customer details cost too much time and money to replace, so make sure you have two or three copies of this information. It’s good practice to back up your data on physical media, like an external hard drive. It’s also best not to store it in the same location as the original files. In case of a fire or break-in, all of your backed up files could also be stolen, so keep the physical media off-site.
Make sure your company WiFi has a password.
Password protect your company’s wireless network to restrict access to it and make sure devices are free from viruses before they connect.
Train staff in good security practices.
If your company is attacked by a cybercriminal, do you or your employees know how to notice it? It’s worth learning how to spot attacks so you can help keep your company safe. A free online course is available at nationalarchives.gov.uk/sme. It only takes about an hour to complete, and afterwards, you will know all about best security practices that keep your company safe.
Report any incidents.
Finally, report any cases of cybercrime to the police using the Action Fraud website.
If you want to prove to your clients you take cybersecurity seriously, look at Cyber Essentials. Cyber Essential is a new scheme, backed by the government, that guides businesses in protecting themselves against cyber threats. Their help documents are free to download, so be sure to give them a read. You can also purchase a Cyber Essentials certificate for £300, which you can display on your website, after being reviewed by an external certifying body.
More information:
www.gov.uk/government/publications/cyber-security-what-small-businesses-need-to-know
