In a recent EMEA Solarwinds survey businesses were asked, ‘how long could you survive without your business data’, and 31% said they couldn’t survive beyond a week. This frightening statistic highlights the magnitude of the disruption a cyber attack can cause.
Whay are small businesses particularly vulnerable to cyber threats? Here are the top reasons:
- They can’t afford dedicated IT staff.
- Inadequate or non-existent computer and network security. They can’t respond to threats quickly enough or can’t detect them at all.
- Small businesses don’t use cloud services to back up their data offsite.
- Small businesses are easier to attack.
As a starting point to prepare your business follow these four steps to prepare for the ‘when’ not the ‘if’.
1 – Implement a security policy
It is not possible to prepare for every possible scenario including all types of cyber attack but a security policy will help your business to:
- identify key people within the business and fully understand (finance, IT, HR, management)
- understand how to communicate in the event of a cyber attack and who to
- the processes to implement to manage your IT infrastructure and changes
- what to review and when
2 – Where are your crown jewels
The purpose of a cyber attack is most commonly to steal or hold data at ransom right? So can you accurately identify where all of your data resides and who has access to it? How is backup managed and is the data encrypted? These are some of the questions to ask to understand how data is used, where it flows and how it is protected within your business.
Put an information asset register in place to understand where data is located, its purpose, its owner, who has access to it, its classification and its retention period.
3 – Technical controls
Cyber Essentials is a great starting point to ensure the following five technical controls are correctly implemented and follow best practice:
- Boundary firewalls
- Secure configuration
- Access control
- Malware protection
- Patch management
What technology do you already have in place to identify intrusion, manage your devices and safeguard your data? Who manages these platforms and are logs and alerts appropriately handled.
Dark web monitoring can also be an invaluable tool in identifying when data has been compromised and allowing you to take swift action.
4 – Raise awareness
How would your business identify a cyber attack and how long would it take?
The average time to identify a breach in 2019 was 206 days (IBM)
Human error is the biggest cause of cyber attacks, even experienced business people still make basic errors such as click on links in emails or using weak passwords. Consider security awareness training to ensure all staff have an understanding of what to look out for and the risks to your business.
How can Cyberlab help?
With many years of experience developing cyber security policy and implementing security technology, Cyberlab are expertly placed to help. We can provide an independent, unbiased assessment of your security with actionable improvements as well as a range of technologies to reduce the risk of attack.