The impact of the coronavirus pandemic on small businesses cannot be overstated. Across Scotland, and indeed globally, small businesses have been forced to contend with one of the most disruptive periods in living memory.
And this isn’t the only serious threat small businesses have faced. Before the onset of the pandemic, many had become prime targets for hackers and cybercriminals seeking easier prey than larger organisations.
In fact, according to the UK Government’s Cyber Security Breaches Survey, more than one-third of micro and small businesses reported at least one breach or cyber-attack in the past year.
Additionally, the survey found that more than one quarter (27%) were hit by cyber-attacks at least once a week.
In its annual review last year, the National Cyber Security Centre (NCSC) also highlighted growing concerns over the risk of cyber-attacks on British businesses, with firms contending with up to 60 attacks every month.
The challenges of the last year, combined with an increasingly perilous cybersecurity landscape, now mean that small businesses cannot afford to fall prey to hackers or cybercriminals.
And yet, these incidents are still happening, says Colm Scott, cyber project manager at the Scottish Business Resilience Centre (SBRC).
“It is vitally important for small business owners to keep on top of their cyber resilience and preventative measures,” he says.
“Too often, it’s heard on the news that a small business owner has shut down for good due to the result of a cyber-attack. However, it doesn’t always need to be this way,” Scott added.
DIGIT caught up with Scott for a discussion on some of the best cybersecurity tips, tricks and resources that small businesses can rely on to stay safe. In terms of expert advice, he says they should always look to the NCSC.
“The NCSC has a wealth of information, ranging from cybersecurity guidance for farmers, to staying safe online when playing games,” Scott explains. “One piece of guidance, which is always a recommended read, is the small business guide.”
The small business guide offers guidance on five key areas to help protect businesses and individuals from growing cybersecurity risks.
“Phishing attacks are becoming more common by the day, in many different formats, be that text, phone calls, or emails. However, the type that remains supreme is email,” Scott says.
If you ever encounter a suspicious email, Scott says there are a number of questions you should ask yourself:
“What time was the email received; was it an unusual time like 4 AM? Does the email have bad grammar and spelling? Would your colleague normally ask for £500 in Amazon vouchers?”
Although these questions may seem trivial, they may often lead you to a logical answer and highlight key areas you should look out for in potentially suspicious email correspondence.
Good Password Practice
While password update reminders can be rather annoying, they’re also crucial, Scott says.
Research published by the NCSC in April suggested that millions of Brits could be slacking in regard to password security. So, next time you’re met with a password update notification, act on it.
But what makes a good password? Certainly not your dog’s name, if this NCSC study is anything to go by.
“Use three random words. This can be easy to remember and hard to guess,” Scott says. “It’s recommended to use more sophisticated words than ‘DogCatMouse’.”
“You should always include numbers and special characters when creating your three random words password and never reuse a password. That includes changing the number at the end, for example, changing ‘LengthyPineappleMotorhome1’ to ‘LengthyPineappleMotorhome2’ is never a good idea,” he adds.
If possible, multi-factor authentication (MFA) should be used, Scott notes.
Often cited as one of the key cybersecurity tips for both small and large businesses, this means that a user has to use at least two methods of authentication to gain access.
“Backups are easy to do and can help you out in a pinch. In the unfortunate scenario where your only computer has become damaged or stolen, it’s possible to recover the situation by restoring backups from another location,” Scott says.
Given recent high-profile ransomware attacks, including the SEPA and HSE attacks, ensuring that your business has backups is essential.
In the event of a serious incident, this could help reduce downtime from anywhere up to one week to just a couple of hours, Scott says. However, it is important to consider what data to back up and when to do it.
“The cloud is always a good location if you can’t source a location of your own. Backing up data should become part of your routine, like turning off the lights or locking the door at the end of the day,” he says.
“If you treat it this way, you’ll have peace of mind that if something happens, you’ll be able to recover.”
Although Windows 10 and macOS come complete with their own methods to prevent malware, it’s still recommended to have dedicated antivirus software on a device.
“This increases the chances of any malware being detected before it can harm your machine,” Scott says.
Another way to mitigate the risk of malware is to compile an approved list of apps, programmes and locations to download from.
“This way, you can ensure staff know where to get approved items, although this can never be a guaranteed prevention method.”
One of the key cybersecurity tips for small businesses is to keep devices updated to their latest recommended version.
These updates will usually include patches for newly-discovered bugs and exploits that can help prevent future attacks from occurring.
Device updates aren’t just restricted to computers or laptops, however. Research published last month by Which? highlighted the dangers of not updating broadband routers.
Broadband routers from some of Britain’s top internet service providers are also outdated, the research found, putting users across the country at increased risk.
Following an attack
Ultimately, cybersecurity tips for small businesses – or any business, for that matter – can often only go so far. On occasion, disaster can strike despite an organisation’s best efforts.
According to Scott, if a small business were to fall victim to a cyber-attack, it’s crucial that they react as quickly as possible and seek out resources, advice and guidance from relevant authorities.
“There are many resources you can call on for support, including the Cyber Incident Response Helpline, which can provide free expert help.”
Launched in partnership with the Scottish Government and Police Scotland, the SBRC’s Cyber Incident Response Helpline aims to support victims of cybercrime by providing expert advice and guidance.