New research suggests that cyber-crime costs small businesses around £800 million a year.
Not only that, but you have a responsibility to put adequate measures in place – if not, you could face fines of as much as £500,000 for cyber breach and data loss under current legislation. Other threats include: social media misuse, hacking, and loss of company devices.
As many as 60 per cent of small firms reported security issues last year, with major breaches costing a small firm on average between £65,000 and £115,000.
Here, we’ve created a useful checklist to help you assess whether you are reducing the chances of the worst happening to your business.
How many of the following questions can you answer “YES” to?
Q1: Do you back up your business data?
A copy of your data should be kept on a storage device which is then secured away from the original. It should be updated regularly and include customer, employee, and bank information. The Data Protection Act 1998 states that it’s your responsibility to safeguard this information.
Q2: Have you created a business security and disaster recovery plan?
You need to know how you would keep the business running should disaster strike.
Q3: Are you keeping your internet security software up to date?
How long is it since you last updated your anti-virus software? Is it switched on at all times?
Q4: Do you know how to recognise some common symptoms of a virus?
These include: your system slowing down; unexpected activity on your machine or pop-up messages; your email server becoming overloaded or slowing down; data files becoming corrupt or going missing; or unexpected changes in the content of your files.
None of the above are conclusive proof of infection, but they are a warning that further checks should be made. If you suspect you have a virus, use your security software to diagnose the problem. If necessary, contact your IT support company and arrange for them to scan for any viruses and remove them from your computer.
Q5: Can you/your staff spot phishing attempts?
These are an attempt to get you to part with financial details or passwords, divert website traffic to a bogus site or direct orders to a different server to acquire confidential information – for example, by sending an email pretending to come from your bank or another organisation.
Make sure you meet payment security requirements. If you take payments via your website, or in any other situation where the cardholder is not present, you need to make sure you comply with the Payment Card Industry Data Security Standard (PCI DSS).
Be cautious of any email that does not know exactly who you are, for example addressing you as ‘Dear Sir/Madam’.
Ignore emails appearing to come from a bank or similar institution that ask you to supply information online – if in doubt, contact your bank directly. A good email filter will block many of these types of messages.
Do not open attachments sent via email unless you are 100% certain that they are authentic. This includes emails that look genuine from friends (as their computer may have a virus and be sending emails without their knowledge).
Q6: Can you recognise fraudulent websites?
These exist to infect your computers or obtain information from them. It’s difficult to judge sites on looks alone because it’s easy for someone to clone a website.
They can offer “bargains”, taking payment but never shipping the goods. Some sites impersonate legitimate companies, so check domain names carefully. Malicious sites often substitute characters in domain names (like a “1” for an “I”).
If you’re buying from a website, make sure the site you’re on uses a secure connection to transfer your payment details. Look for a padlock in your web browser – click this for information about the company running the site.
Check that an online business has a real-world presence, with a street address and telephone number.
Web filtering software can reduce the risk, but you should also make it a matter of policy that employees only do business through known, reputable websites.
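The character-substitution trick described above can also be checked automatically, for example before a new supplier or payment site is approved. The following sketch is an added example and not part of the original checklist; the trusted domains and the table of look-alike characters are constructed assumptions, and the check for encoded international names (the "xn--" prefix) goes slightly beyond the single substitution the text mentions.

```python
# Added example: flag domains that imitate a trusted domain by swapping
# look-alike characters (e.g. "1" for "l" or "I"). All domains are constructed.

# Assumption: a small, hand-picked table of visually confusable characters.
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l", "i": "l", "5": "s", "3": "e"}

# Assumption: the domains your business genuinely deals with.
TRUSTED = {"mybank.example", "supplier-online.example"}


def normalise(domain: str) -> str:
    """Lower-case the domain and drop surrounding spaces and a trailing dot."""
    return domain.strip().lower().rstrip(".")


def skeleton(domain: str) -> str:
    """Collapse confusable characters so look-alike names become identical."""
    s = normalise(domain)
    # Replace two-character sequences ("rn", "vv") before single characters.
    for src in sorted(CONFUSABLES, key=len, reverse=True):
        s = s.replace(src, CONFUSABLES[src])
    return s


def check(domain: str) -> str:
    """Classify a domain as trusted, a look-alike of a trusted one, or unknown."""
    d = normalise(domain)
    if d in TRUSTED:
        return "trusted"
    # Labels starting with "xn--" are encoded international names, which can
    # hide foreign letters that look like Latin ones; send them for review.
    if any(label.startswith("xn--") for label in d.split(".")):
        return "encoded name: review manually"
    by_skeleton = {skeleton(t): t for t in TRUSTED}
    match = by_skeleton.get(skeleton(d))
    return f"lookalike of {match}" if match else "unknown"


if __name__ == "__main__":
    for name in ["mybank.example", "rnybank.example",
                 "suppl1er-online.example", "other-shop.example"]:
        print(f"{name:28} -> {check(name)}")
```

An "unknown" result only means the name does not resemble anything on the trusted list; it is not a verdict that the site is safe.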
Q7: Are you using the latest update of your Windows operating system?
If not, you could be putting your computer and personal information at risk. Ensure your Windows operating system has the latest Microsoft updates applied as soon as possible.
Q8: Do you store your passwords safely?
Never store passwords on your computer in case they are accessed by a virus. Keep them safely stored somewhere else, but obviously in a place where nobody else can access them.
Q9: Is someone experienced and qualified looking after your IT system?
Often this task falls to someone within the business who has ‘some’ IT background but who is employed to do another role entirely. This can mean they don’t have the time to truly focus on either job as well as possible. Not only that, but they won’t be able to stay abreast of new developments in the world of IT. If the cost of employing a full-time expert is prohibitive, then consider outsourcing. This can be an incredibly cost-effective solution, giving you a whole team of experts for much less cost – without the added hassle of holiday and sickness periods etc.
The PC Support Group can provide advice and assistance with all of the above security issues. If you would like to discuss these, email firstname.lastname@example.org or call 03300 886 116 (local landline rate in the UK from all phones).