Steps to help shield your business from cyber-attacks [Part 2]

Tue Nov 07 2017

Because we know cyber-security is on every business owner’s mind, we’ve enlisted the views of Hacksy’s* whizz kid Sam Nixon. Follow the steps below to help protect your business from cyber criminals. And if you haven’t yet read Part 1, it’s here and worth a look.

The basics that all businesses need to know, and do, to stay safe

Step 1

Decide how to protect your business

A lot of businesses think ‘it’ll never happen to me’, so they inadequately prepare. This is true across all sizes of businesses. But burying your head in the sand, or being a cyber denier, is a risky strategy.


"There’s a degree of truth in a business being too small to get hacked. But it might still happen by accident, or because a hacker wants to. After all, hacking is a business so hackers are always looking for ways to make money."

Sam Nixon, Product Lead, Hacksy

Step 2

Decide what approach you’re going to take

One of the first steps towards securing your small business is always going to be about making a decision around how you handle information. Restricting access to all data to one person, for example, will reduce your risk of a breach but is probably not practical. Or you could share information very freely and worry about the consequences later. Obviously we wouldn’t recommend that either.

It’s better to take a longer-term view of cyber-security. Think about how your policies will protect your business now and as it grows. In practice, that means a programme of education for your staff.

“Behaviour, individual user behaviour, is the biggest determining factor in whether or not you get hacked.” – Sam Nixon, Product Lead, Hacksy

Step 3

Think about cyber security alongside everything you do, rather than in isolation

If you’re setting up a new database, designing a new landing page that’ll collect customer data, or planning any marketing communications, it’s crucial to look at cyber risks as part of the process. Equally, if you already have those things but they’re not protected, you need to make sure they are and make a plan for how to keep them secure.

Step 4

Know what tools are available to help you

For most businesses, simple tools like password managers, encryption software and two-factor authentication can make it easy for your staff to stay secure. Most of these tools cost just a few dollars a month.

At Hacksy, we couldn’t live without password managers or two-factor authentication. They’re simple tools that create cyber-security in numbers if everyone’s on board.

COMMON RISKS AND PROTECTION OPTIONS

Risk: Personalised phishing emails

Protection: Attacking yourself with phishing attacks sounds a bit silly, but it can be a good way to prepare for an actual attack. Tools like PhishMe provide an easy way to try and phish yourself or your small business, and can help protect you in the long term by pointing out what to look for.

Risk: Weak passwords

Protection: Password managers – these are tools which generate complex passwords and store them in an encrypted database.

Two-factor authentication is a way of adding an extra layer of security to, say, laptop access. It not only requires a password or token, but also a second physical device, such as a mobile.

Risk: Lack of awareness

Protection: Make cyber security fun. It’s not easy but it’s possible through gamification. For example, set up leader boards for things like secure passwords, number of people who click on phishing links etc. Having full transparency of cyber behaviour can be really effective in getting everybody on board.

Risk: Unencrypted data

Protection: If a hacker does get in, it’s important that your information is stored in a way that makes it hard for them to steal. Encrypting information makes it harder, and the good news is that Full Disk Encryption (FDE) comes as standard on Macs, and there are great tools out there for Windows users. Follow something like this handy tutorial on how to set up encryption for Windows 10.

Next steps?

Don’t just sit back and worry about what to do. If you’re a one-man-band or part of a small business, start by downloading a password manager, getting to grips with it and educating staff on what it is and why they need to use it.

For any business with employees, look into encryption software that allows you to authenticate users automatically, allowing you to control access to the right IT systems, documents and data. This is crucial now but will also fall under GDPR from May 2018.

Find a way to change the mindset of every person within the organisation. The only way to do this is to make it personal, interesting and fun.

We, at Hacksy, do that by feeding people’s data back to them. In other words, we search for people online, get a load of information about them (where they went to school, what they like to eat, where they live etc.) and then try and either create a personalised phishing email or guess their password.

It’s amazing how often these simple techniques make people realise that they’re responsible for their own cyber security and how easily it can be compromised.


This is part of our Mindset & Planning series – content dedicated to practical advice for SMEs when it comes to getting in the right mindset for business growth.

* Hacksy is an online cyber security assistant. It takes complex cyber and information security topics and makes them accessible through a conversational interface. It’s all about empowering every single person within an organisation to take control and ownership of their own and the company’s cyber security.
