Major cyber crime incidents are becoming increasingly common, and when they do happen, they make headline news. Millions of customers can have their data leaked, some might even have their accounts compromised, and there can be major financial implications. The problem is that many small businesses see this as something only for large organisations to worry about. But in truth, companies of all sizes need to be aware of cybersecurity and how it affects their everyday operations.
In this article, we’re going to take a brief look at what your responsibilities are as a small business, what can happen if you don’t follow them, and some tips on maintaining digital security in the workplace.
The most important thing to think about when you consider your responsibilities is that you most likely have control over the safety of other people’s assets. This ranges from their data to the money they might have in an account with you. As a result, you have a responsibility to keep these assets safe, and in an online world, good cyber security is the way you do this.
If a hacker manages to gain access to your systems and they take someone’s data, then you are likely at fault as well as the hacker. You should be doing everything reasonable within your power to ensure that this kind of thing doesn’t happen.
Of course, you do need to think about your own business too. While it may not be a legal responsibility, everyone in the business has some degree of responsibility for keeping it cyber secure to prevent incidents from occurring.
If your business isn’t cyber secure, then it can run into all kinds of difficulties, ranging from the very minor that you might not notice, to incidents that can end a business.
Loss of trust and custom is fairly likely if a customer finds out that your neglectful approach to cyber security has resulted in data loss, even if isn’t their data that was lost. It can have very negative reputational effects. Of course, it could be much worse - data might be stolen, which could result in your business having to pay compensation or even fines. In severe cases, cyber criminals have even been able to directly take money.
It’s not always quite as obvious and significant as actual theft or damage either. If a cyber attack of some sort manages to deny you the ability to go about your day-to-day work as normal, then that will cost the business. Ransomware is one such example - it could block access to devices, software or data making it difficult to work. Alternatively, DDoS attacks can bring your website down, which could be catastrophic for revenue.
Ultimately, there are lots of different consequences of having poor cyber security in place at your small business. You open the door to many different types of incident, and they in turn have an impact. It can be very difficult to individually analyse them all, which means that you need to do whatever you can to stay secure.
Given the very broad issue, it can be difficult, especially for smaller businesses with few or no dedicated IT staff to figure out exactly what they need to be doing. Here at Virtual College, we’d strongly recommend that most small businesses have some employees that have received training in cyber security. We offer introductory cybersecurity training that covers the basic (which you can read more about here), though more technical knowledge may require specialist qualifications.
That said, there are a few basic points that we can cover here that will go a very long way to guarding against many types of cyber security incidents.
All accounts and devices for all people in the company should have unique, strong passwords. This is probably the best way of ensuring that unauthorised access doesn’t happen, both from outside and inside the business. If you can use two factor authentication on some services such as banks it is a good idea to do so.
In the event that something does happen, it’s critical that you have data backed up. Hackers can physically steal data, and ransomware can even prevent you from accessing it. This is mitigated if you have access to the data elsewhere, so make sure that there are separate backups of important data, with their own security.
All of the computers and other devices in your business should be set up with antivirus software to guard against everything from traditional viruses, to ransomware and trojans. What’s more is that you need to have policies in place to ensure that they’re up to date.
Many malicious access attempts will happen through your own network and the connected devices that are on it. For this reason, you need to make sure that the network in your workplace is set up securely, and unauthorised devices cannot connect.
Finally, business-wide awareness of cybersecurity helps to maintain vigilance against potential threats. Employees should have basic training for things like avoiding phishing scams, and if they have anything to do with the points we’ve mentioned above, they should be fully aware of them too.
For more information on cybersecurity, check out our Cyber Security Basics Course.