By Lawrence Jones MBE, CEO, UKFast and Secarma.
Throughout 2016 we've seen a shift in media attention towards cyber security. Data breaches and hacking are now headline news. This year has seen accusations of hacking in the US election, Yahoo admitting to two colossal data breaches with lost user records numbering in the billions, and hacks on small businesses rising dramatically, with SMEs increasingly targeted by ransomware attacks.
The internet of things offers new opportunities to attackers as the network of connected devices grows. These devices – kettles, fridges, baby monitors, etc – are often not as tightly secured as our PCs, phones and laptops.
The threat to small businesses is huge, with reputations on the line and heavier fines to be dished out for those who fail to protect data to an adequate level. Small businesses without dedicated IT staff must take steps to protect the personal data they hold, whether that's customer data or the personal information of their employees.
Lawrence Jones, CEO of cloud and dedicated hosting firm UKFast and cyber security consultancy Secarma, offers his five key steps for small business owners to take in order to stay safe in the evolving digital landscape as we enter the New Year.
1) Use a password manager
Remembering strong passwords for all the applications you use in your business and personal life is all-but-impossible and many people end up either using weak passwords or re-using them. Instead, use a password manager. There are many around, such as LastPass and KeePass. Be aware that some password managers have had security breaches, so be sure to yours up-to-date.
2) Check your backups
One of the most damaging attacks, and one of the most frequently deployed against small businesses, is Ransomware. This malicious software encrypts your critical business files; locking you out and demanding payment for release. Imagine the damage that could do to a business.
Ransomware is allowed into Windows systems when users click on malicious links, downloads or attachments in spoofed emails. Users should never open email attachments from sources they don't recognise. Malicious emails used to be less sophisticated, with basic looking templates and spelling mistakes. Now they are branded with company logos and a forged email address. Attackers often tailor the email for their victim using information they know about your business. Personalised attacks, of course, have a higher success rate.
The frequency of this kind of attack has exploded in the last 12 months because the criminals are getting results. Now's the time to fight back. Ensure you keep regular backups in a separate location, so that if you're held to ransom you can recover your critical files without having to pay the attackers.
3) Beware Internet of Things (IoT) devices
Many IoT devices have been the weak link which led to a security breach, putting your home network at risk. Like any software, you need to keep IoT devices up-to-date.
Think carefully before setting up a "port forward" to allow you to login to devices remotely - if you have a weak password or vulnerable device, hackers will be able to access it too, and if it's connected to devices you use for work you'll be leaving your business exposed.
4) Educate your team
It's difficult to change human behaviour and break bad habits, so it's important to get your team together in a group to discuss the risks and how to avoid them.
Show them examples of ransomware attacks and other phishing emails, and give them the stats about what falling for these scams costs individuals and businesses every year. Provide examples of how individual employees have caused irreparable damage to businesses. It may seem farfetched, but it's important they see just how crucial it is to be aware of the dangers. Ultimately, we're all responsible.
5) Use an ad blocker
Many viruses are spread through malicious adverts. Using an ad blocker is a simple and quick win in helping you to reduce your exposure and keep your business safe.