Cyber crime is costing UK businesses an estimated £30 billion every year, and rising. Cyber breaches can have devastating effects, and could even lead to the closure of your business.
It's never been more important to make cyber security a priority.
Here's our essential guide to cyber security for start-ups and SMEs.
Tip 1 - identify all possible threats
Cyber Risk Reviews must consider IT in your facilities such as AirCon, Lifts, Doors, Alarms & CCTV, not just Networks.
Cevn Vibert, Industrial Cyber Security Advisory Director, Vibert Solutions
You need to know how secure your systems are before implementing any additional measures. A cyber security audit will help you understand where you are now, as well as identifying any threats that are specific to your business – both external and internal.
Make sure you’re aware of the latest cyber threats and keep your operating systems up to date, as the latest software patches often contain important security fixes.
Is your data regularly backed up? Are your smartphones and tablets protected? These need even more protection than desktop equipment because they are used outside the relative safety of the office or home. You need to ensure that your organisation is protected from damage that could be caused by malware and viruses, and guard against phishing attacks by raising employee awareness. Make sure your password policy is effective too, and that it’s being correctly used across the organisation.
Be aware of new variants on old scams such as spear phishing, hacking, bots and malware. Also consider the damage that can be done by employees who abuse their privileges or those who use their own devices at work. The list of potential threats is long, and because they keep evolving it’s vital you stay up to date.
Tip 2 - make cyber security a business priority
Don't wait for an incident to occur; act now to protect the network and assets within it. Failure to do so can have significant impacts financially and impact the reputation of an organisation to a degree which they may not recover from.
Dan Driver, Head of Perception, Chemring Technology Solutions
After carrying out your risk assessment, formulate a clear risk management policy and communicate it to your staff, management, contractors and suppliers.
Ensure the protection of any data shared with a third party and protect data from unauthorised access, modification or deletion. Make sure suppliers and contractors are aware of, and will comply with, your security policy, and that any shared network connections do not introduce unmanaged vulnerabilities that could affect the security of your network.
Employees play a vital role in protecting your organisation’s security. Explain the threats you have identified, and let your employees know what you are doing to mitigate risks. It’s your responsibility to create and communicate the security rules, and to provide the technology that will enable them to do their job as well as help keep the organisation secure. Support them with an awareness programme and training that establishes a security-conscious culture.
Make sure your approach to passwords is robust. All laptops and desktop devices should use encryption products that also require a password, while mobile devices should have password or PIN protection, or fingerprint recognition. Use 2-factor authentication (2FA) wherever possible and encourage employees to avoid using predictable passwords like family or pet names. Ensure staff can store passwords safely, away from the device, and that they can reset their own passwords easily.
Protect your network by defending the perimeter and filtering out unauthorised access and malicious content. Monitor and test security controls. An awareness of any unusual activity will help you guard against attacks.
Tip 3 - leverage existing schemes
The most important stuff isn't complex. Getting the basics right with Cyber Essentials can greatly reduce the threats.
Richard Bach, Co-founder & Director, XQ Cyber
There is lots of help out there, with online training for cyber security awareness and certified courses for anyone with operational responsibility.
Concerned about where to start? Adhering to the 5 controls recommended in the government-backed Cyber Essentials scheme could prevent up to 80% of all cyber attacks. Cyber Essentials is designed to help SMEs guard against the most common cyber attacks with an online self-help guide that covers securing your internet connection, securing devices and software, controlling access to your data and services, protecting from viruses and other malware, and keeping your devices and software up to date.
Several other trusted solutions and schemes are available to help keep your cyber security in check, including GCHQ certified cyber security training for awareness and application levels. Other providers include IT Governance, SANS and IASME.
Tip 4 - assume you’ll be hacked
Prepare and test a plan to identify, communicate and recover to ensure you can rapidly resume business with limited impact.
Sam Smith, Head of Digital Risk and Security, Cadent Gas Ltd
Every organisation is a potential victim of cyber attack. So rather than waiting for evidence that you are being, or will be, targeted by specific threats, it is safer to assume that you will be hacked sooner or later.
It’s important to have a policy in place for dealing with a cyber attack – how will your business manage a temporary period of down-time? Are you backing up your business-critical systems and information? How safe is your customer data?
For your company’s cyber-resilience, it’s vital that confidential information is ring-fenced and protected, that manual processes are in place to maintain business continuity, and that you have an incident response plan, including how you’ll deal with PR and customer communications.
Limiting the number of employees with administrative privileges and ensuring your policies and processes are regularly updated and clearly understood are vital. Stay up to date with legal and regulatory requirements, and make sure you have appropriate insurance in place to protect your business against loss and liability.
Taking a proactive approach to cyber security will help you reduce the risks of attack and ensure that, in the event of a security breach, your business is in good shape to mitigate the impact.