Businesses of all sizes face potential risks when operating online and therefore need to consider how they protect themselves from cyber attack. SMEs have a lot more to lose than larger enterprises, as a single cyber attack may have dire financial consequences and a direct impact on the future survival of the business.
Small businesses will be a lot more secure from cyber attack if they heed and adopt some of the following recommendations from Deon Hanekom, compliance manager at 9 Spokes.
User awareness is key to any cyber security strategy, whether in a large enterprise of 10,000 employees or a small business with a single owner-operator.
Train employees about information security and make sure they understand the consequences of cyber attacks. One does not have to do much research here, as almost every other day there is a data breach or a celebrity’s social media account is hacked.
Limit employee access to data and information as applicable, i.e. apply a role-based access lens and provide only the access/authority required to carry out the specific task/function.
Make sure that all your devices are secure by updating the firmware and software on a regular basis or as soon as the manufacturer releases updates or patches. Also ensure that the antivirus software on your devices is kept current, as it depends on regular virus signature definition updates to be effective and to halt any malware from embedding itself.
Make sure that all network access devices such as routers/modems are secured with WPA2-AES encryption at a minimum and do not broadcast the SSID. Your service provider should have provided guidance on this and should be more than willing to assist you.
Document your policies and procedures for cyber security and make sure that they are understood and acknowledged by your team.
Encrypt data at all times, e.g. customer details on your local in-office database. Most cloud service providers can provide encryption and other services, with the extra benefit of backup and disaster recovery services.
Make sure that you have read and understood the requirements of the Data Privacy Act and the requirements of the UK Information Commissioner's Office (ICO).
If you store customer data (Personally Identifiable Information, or PII), then you need to register with the ICO.