8 ways to protect your start-up from cyber crime

While cyber attacks on large corporations and organisations make national newspaper headlines, small businesses are just as likely to be victims of cyber crime - and the costs can be high.

According to a survey conducted in 2019, the Federation of Small Businesses (FSB) found that small businesses in the UK collectively experience 10,000 cyber attacks each day.

These attacks can be lucrative for cyber criminals, with the annual cost of a cyber attack averaging around £1,300 per incident and the overall cost to the small business community amounting to £4.5bn annually.

Failure to protect your small business from cyber crime can be costly - and not only in terms of an immediate financial loss. A data breach can damage your business' reputation, erode customer trust and impact sales.

Factor in website downtime and the cost of restoring operations and cyber crime can pose a risk to the viability of a small business.

What is cyber crime?

Cyber crime is criminal activity that targets individual computers, computer systems or IT networks with the intention of stealing passwords, data or money.

Once in control of your computer system, criminals may also block your access to data until you pay a ransom, known as ransomware.

It's vital that you know how to spot a cyber attack, along with the steps you can take to protect your business and understand what to do if you fall victim to any form of cyber crime.

Common types of cyber crime

Cyber crime covers a variety of activities that can harm your small business. Common types include:

Hacking

Hacking results in a criminal gaining unauthorised access to your computer or computer system.

This kind of attack can use complex and sophisticated techniques.

By exploiting software weaknesses on your computer or network, hackers can access sensitive or financial data.

Phishing

Phishing is an email attack engineered to trick recipients into performing a specific action, such as clicking on a malicious link or attachment that may then download malware to your computer.

Phishing emails may be sent to many people in the hope one or two take action, while some - known as spear phishing - are specially targeted to an individual.

This type of phishing may appear to come from a genuine source asking for payment or information, but fraudsters are behind it.

The Cyber Security Breaches Survey revealed that phishing is the most common cyber attack on small businesses, with 82% of cyber attacks resulting from a form of phishing.

Malware

Malware is software that is designed to disrupt or gain unauthorised access to a computer network or PC.

Malware includes viruses that are often unknowingly downloaded.

Malware can take control of the network, allowing cyber criminals to gain access to sensitive information and data and even access a PC's webcam or record your keystrokes as you type.

Ransomware

Ransomware is a form of malware.

Once cyber criminals hack a computer system, they may block data, effectively holding it to ransom.

Data is only released once a ransom has been paid, generally in cryptocurrency.

A survey by Beaming from 2018 revealed that ransomware attacks were the most financially damaging to UK small businesses, costing an average of £21,000 for each victim.

8 ways to protect your business from cyber crime

Discover 8 ways to protect your small business to help reduce the risk of cyber attacks.

1. Install firewalls

Install firewalls to help keep your computer system protected.

A firewall is security software or hardware that acts as a gatekeeper between your network and external computers.

It filters and checks incoming internet traffic, blocking unauthorised access to your network, effectively establishing a barrier against hackers and cyber criminals.

2. Install anti-virus software

Install anti-virus software on every computer across your network and ensure it is turned on and kept updated.

Not using anti-virus software can be an easy way to let hackers, especially beginners, access your data.

Anti-virus tools are designed to track and remove malware from your system.

3. Keep systems up to date

Keeping your computer's operating system software and applications up to date is crucial as new releases, even minor ones, typically fix bugs, patch security vulnerabilities and add additional security measures.

Updating software can help reduce the chance of cyber criminals hacking into your computer system.

4. Use strong passwords

Use strong passwords to secure access to all your important information as well as your wi-fi connection.

It's a good idea to use a passphrase as they're longer and more complex.

Strong passwords use a combination of numbers, upper and lower case letters and special characters and symbols.

It's a good idea to use a different password for each account.

5. Multi-factor authentication

Implement multi-factor authentication to protect data.

This type of authentication requests that two or more forms of identification be used to allow access.

An example includes supplying a password and then entering a code that is sent to a mobile phone to guarantee an authorised person is accessing the account/information.

6. Make regular data backups

Backing up your data can be a cost-effective way to ensure protection in the event something goes wrong or you fall victim of cyber crime.

Regularly and securely backing up customer information, financial data and other important information is beneficial if your system is held to ransom or hacked.

You can backup information on physical devices or in the cloud, and it's recommended to back up using several systems, such as remote and physical storage.

Always ensure your backups are encrypted and have multi-factor authentication for added protection, and customer data is stored in line with GDPR regulations.

7. Train your staff

Educate your staff to recognise signs of cyber crime.

Scams such as phishing may have tell-tale signs in even the most legitimate-looking phishing emails, so training your staff to identify what these are can help prevent falling into hackers' traps.

Encourage staff to act with caution whenever receiving emails asking for money payments or information and brief staff on the latest scamming trends.

The Cyber Security Breaches Survey reveals that only 13% of small businesses train their staff on cyber security.

8. Create a cyber security plan

Invest time in creating a cyber security plan and ensure regular back-ups and software updates.

Then, if the worst happens and your business does fall victim to a cyber attack you may be able to recover quicker and with less data loss.

Having a formal cyber security plan will help you take action to resolve the issue quickly and prevent it from happening again.

It's also key to understand what kind of attack or breach has been made and what has been affected.

A cyber security plan can help you:

  • Prepare for various cyber attacks and know how to recognise them.
  • Identify and diagnose that a cyber attack has occurred.
  • Report the attack to authorities.
  • Take action to retrieve information and restore operations.
  • Communicate the problem to staff and customers.
  • Evaluate what has happened so you can learn from it.

An important part of debriefing after an incident is asking whether it could have been prevented and how to reduce the risk of it happening again.

Cyber criminals may still attempt to access systems even with the strictest security measures, but there are measures you can take to reduce the risk of becoming a victim.

Learn more about entrepreneurship with our free online courses in partnership with the Open University.

Our free Learn with Start Up Loans courses include:

Plus free courses on finance and accounting, project management, and leadership.

Disclaimer: The Start -Up Loans Company makes reasonable efforts to keep the content of this article up to date, but we do not guarantee or warrant (implied or otherwise) that it is current, accurate or complete. This article is intended for general information purposes only and does not constitute advice of any kind, including legal, financial, tax or other professional advice. You should always seek professional or specialist advice or support before doing anything on the basis of the content of this article.

The Start-Up Loans Company is not liable for any loss or damage (foreseeable or not) that may come from relying on this article, whether as result of our negligence, breach of contract or otherwise. “Loss” includes (but is not limited to) any direct, indirect or consequential loss,  loss of income, revenue, benefits,  profits, opportunity, anticipated savings, data. We do not exclude liability for any liability which cannot be excluded or limited under English law. Reference to any person, organisation, business or event does not constitute an endorsement or recommendation from The Start-Up Loans Company, its parent company British Business Bank plc, or the UK Government. 

Your previously read articles