Cyber Security Protection For Business

From encouraging a culture of caution, to backing up files, here's how SMEs can defend themselves against hacking threats.

Unlike larger companies, small businesses often operate without dedicated IT professionals, and rarely regard themselves as attractive targets for cyber-attacks. But this very attitude, and the knock-on effect of being left undefended, is precisely what may make them tempting to hackers.

Duncan Sutcliffe, director of Sutcliffe Insurance Brokers in Worcester UK, didn’t know where to start when it came to protecting his firm. “Like many SMEs, we have no in-house IT expertise and were faced with a vast array of confusing and sometimes contradictory advice,” he says. “We didn’t know where to start. We found cyber security so out of our comfort zone that it was tempting to just ignore the issue.”

Mr Sutcliffe is not alone in trying to put off the issue. According to the Experian data breach preparedness study, 51pc of UK SMEs do not see cyber security as a priority.

But the consequences of an attack can be severe. An assault on a business's IT systems, infrastructure or devices could mean the difference between staying afloat and going under, especially if reputational damage results in lost trade or the business faces legal consequences.

With 38pc of UK SMEs having experienced an attack in the past year, ignoring the issue is no longer an option.

Guard Against Email Spam

A major threat to SMEs is ransomware: malicious software that locks a device, such as a computer, tablet or smartphone, and then demands a ransom to unlock it. “Guarding against spam and phishing emails is key to mitigating the risk of these attacks, and to achieve this, you need to use a blend of technical and educational solutions,” explains Vince Warrington, founder of information security company, Protective Intelligence.

Ransomware is reliant on an end user activating it, usually by opening an infected email attachment, so educating staff who can expect attachments on a daily basis, such as finance and HR teams, is vital. They should be encouraged to have a healthy skepticism by questioning who or where emails come from.

On the technological side of things, a disaster recovery plan should be in place, outlining what to do in the event of an attack. “There’s nothing quite so devastating for your business as finding out that you’ve become a victim of ransomware, only to discover that your backups are so old – or non-existent – that you can no longer operate,” he says.

Having effective backups of data on an external hard drive or cloud-based service – or both, ideally – is useful, but shouldn't be your only line of defence.

Have A Strong Response Plan!

For some, taking an active leadership role is an important way to protect yourself from an attack. Matt Middleton-Leal, the regional director of UK and Ireland at security software company, CyberArk, says that in the absence of IT specialists, it’s up to SME leaders to determine an effective course of action in the event of an attack, and educate staff to prepare for one.

The main way business leaders can do this is through preparation. “This means having a strong cyber security response plan that clearly defines roles and responsibilities, and outlines how data can be recovered quickly in the wake of an attack,” he says.

Regularly testing these plans through live drills, and updating them as needed, will help prevent company paralysis when an incident occurs. Further assistance for SMEs can be found in the UK Government’s 10 Steps to Cybersecurity.

Taking a proactive approach to cyber-security means that small businesses will be able to make better and faster decisions in crisis mode, build trust from customers, and be in the best position for long-term growth, explains Mr Middleton-Leal.

Educate Your Staff On Their Responsibility

Data is far too important to be interfered with, especially when it’s extremely sensitive. The health tech industry is held to a higher standard than others when it comes to protecting patient data, so it has to invest heavily in security, says Ryan McGrath, development operations and security lead at free prescription management app, Echo.

“Our main challenge in 2017 is maintaining a culture of security while meeting operational requirements. This means ensuring that security is at the heart of everything we do,” he explains.

A critical part of that is employee education. “Ensuring that security is a priority begins during staff induction,” says Mr McGrath. “People are reminded of their responsibility under the Data Protection Act, and we share personal experiences, as patients and employees, from previous companies. We also talk about major data breaches in the press.”

Employment contracts are reinforced by reminding staff of their responsibility to the company's patient charter. This is done by enforcing two-factor authentication as much as possible across devices and minimising access to data. “For example, our chief executive can't access Echo patient information. All requests for data must be justified and approved on a time-bound basis,” he adds.

Telegraph