Major Cyber attacks against enterprises have raised awareness of the growing cybercrime threat. Recent small business surveys from ESET, the Federation of Small Businesses and our National Cyber Security Centre show that many small businesses still have a misunderstanding about cybersecurity.
Attacks can destroy your business
As large companies continue to take data security seriously, small businesses are becoming increasingly interesting targets, and the results are often disastrous for small business owners.
Research from the Federation of Small Businesses in 2019 put the average loss per small business from cybercrime at £7,093 which totals to £3.75 billion per year with 1 in 5 businesses reporting a cybercrime. Many of these companies have postponed improvements to their network security until it was too late because they feared the cost would be too high or too disruptive, they did not perceive it as a valuable investment.
Cybercrime is the 2nd most disruptive crime experienced by smaller enterprises with only theft being voted higher in an FSB survey.
Ways to prevent cyber attacks
Even if you do not currently have the resources to hire external experts to test your computer system and make security recommendations, you can take steps to reduce the risk of costly cyber attacks:
Download and install software updates when the operating system and applications are available.
Employee training on IT security and cyber awareness.
Protect important business data and information with permissions.
Install, use, and regularly update antivirus and antimalware software on all the computers in your company.
Protect your Wi-Fi network. If your workspace has a Wi-Fi network, make sure it is secured, and visitors & personal devices use a separate wireless network.
Control physical access to network equipment and computers.
Restrict who can install software.
Each employee needs a separate account.
Use best password practices with strong unique passwords.
In addition to the recommendations listed, the National Cyber Security Centre (NCSC) offers their 10 steps guide to help business tick the basics while the Cyber Essentials scheme can accredit your business as having the right systems in places.
The importance of installing updates
Research from the FBS in 2019 puts of a figure of 40% of business do not keep their software updated and 35% do not have security software installed.
The ICO (Information Commissioner's Office) fined Gloucester City Council £1000,000 in 2017 after cyber attackers gained access to sensitive private information of council’s staff after they did not update their systems to protect them from a well-known threat.
The attack happened in July 2014, attackers exploited the Heartbleed vulnerability on the council's website, causing 30,000 emails to be downloaded from the city council's email mailboxes. These emails contain financial and confidential information about board members.
“This was a serious oversight on the part of Gloucester City Council. The attack happened when the organisation was outsourcing their IT systems. A lack of oversight of this outsourcing, along with inadequate security measures on sensitive emails, left them vulnerable to an attack.” Sally Anne Poole, Group Enforcement Manager at the ICO.
Why is it important to keep software up to date?
Reduce your chances of a cyber attack: cyber attacks seem impossible until they become a reality. It seems that cyber attacks are everywhere without warning, but updates are usually available before hackers can widely exploit vulnerabilities and breach your systems.
Protect your data: Don’t underestimate the value of the data stored in your device. A hacker can use personal information on one system to access another system, especially when the hacker receives credentials from someone who uses the same password for multiple systems.
Avoid loss of productivity: The unintended consequence of a cyber-attack is system downtime while the breech is investigated, resolved, and repaired. Cyber-attacks can cause two types of financial losses as a result: the cost of repairing the system and the cost of later projects and inefficient employees. This can also affect your business’s reputation which can be much harder to repair when people have lost trust in you.
Customer data protection: The Company is responsible for protecting the information that users trust its system. For companies that do not meet this standard, this may lead to serious consequences. Take Equifax in the US as an example. Their regulator promised to provide 125 or 10 years of free credit monitoring to people affected by consumer data breaches in 2017.
Protect other people on your network: If malware enters your computer network, it can quickly spread to other devices on your network. Therefore, a breech may have catastrophic consequences for the entire network and connected systems.
System Updates and Manage Software with Automatic Patches
It is best to install the updates as soon as possible before attacks use the vulnerabilities they patch.
Basic OS updates can (and should) be applied as soon as they are available. However, a more thoughtful approach is needed for most other software used.
Fortunately, companies can easily manage and update several different software packages with update management solutions.
Update management works by analysing your software and systems to determine if updates are available and download them. These updates can be downloaded in the background and can be installed at the specified time.
Westway IT includes update management in its IT support & service plans, which can be used to manage OS systems and common third-party software packages. Unlike automatic updates we have a process for approving updates before they are installed allowing them to be tested and checked for any major issues that could cause you a problem.
The solution also monitors the status of updates on your systems and alerts when an update fails to install, or a system has not installed recent updates. This update management allows organizations to keep up with software attacks, improve endpoint security and reduce attack methods.
Businesses cannot ignore updating their software infrastructure, cybercriminals rely on companies not to update their systems to exploit vulnerabilities and cause damage. If there is an update, it should be applied in a timely manner.
For more information on Westway IT update management and your company's security, click here.
Westway IT is your technology success partner
A data breach can paralyse your small business and lose thousands of pounds in revenue and/or losses. We have the tools available to help reduce your risk of a cyber-attack through multiple layers of security.
To learn how we could help your business book a free 15-minute call with our team.
Meet John Fisher, founder of Westway IT, passionate about helping businesses thrive with technology. With a BSc in Computer Science, he values integrity, education, and quality relationships. Active in The Tech Tribe and CompTIA, John simplifies IT and creates scalable strategies. Connect with him on LinkedIn.