The National Cyber Security Centre (NCSC), the UK government’s cyber authority, recommends five key steps to keep SMEs secure.
We have summarised the guidance below; it’s a great place to start for any SME wanting to secure their business.
1. Back up your data
Cyber-attacks targeting small businesses often involve making your data unavailable so that your company’s IT system stops working.
To mitigate this threat, you need to have back-ups of your data and applications, so your IT system can be restored.
Backing up data is often a dull task, but it needs to be part of your business routine.
Ensure any back-ups are separated from your normal network and can be accessed in an emergency. Practice this process periodically so you can implement it in a crisis.
2. Protecting your organisation from malware
This section is about knowing your IT network, understanding the systems running on it and keeping them up to date.
Ensure your system’s antivirus software, such as Windows Defender, is enabled. This is a basic first line of defence and will stop routine threats.
You must understand whether any of your key systems fall outside of this protection.
Patching, updating software with the latest version, is important as updates often prevent systems from being exploited by attackers. Design a patching routine once you understand your network.
Create some basic policies to stop users enabling attacks. Examples include: preventing the use of USB sticks (they can import viruses) and user profiles for staff that do not enable access to all of the network (they could give a hacker the keys to your kingdom).
3. Keeping your smartphones and tablets safe
You need to understand which phones and tablets are used by your company; any phones or tablets are an extension of your corporate network and require basic protection.
As you would for your personal phone or tablet, ensure your corporate equivalents are protected with a decent PIN and that the operating system and apps are kept up to date. As phones could be stolen, having appropriate tracking software will enable you to wipe data if they fall into the wrong hands.
Avoiding free public Wi-Fi networks is prudent as they can be accessed by attackers, but ensuring your phones are up to date is the most important defence and is key to securing them against most threats.
4. Using passwords to protect your data
Avoid passwords that use obviously simple phrases such as ‘pword123456’ or similar. But the most essential element for protecting systems and accounts is multifactor authentication (MFA).
MFA is key to stopping even the most sophisticated cyber attackers.
Whilst the NCSC recommends protecting your key accounts with MFA, we believe that all accounts, especially administrative accounts and systems, should be protected by MFA.
All systems, such as laptops or phones, or software such as email or accountancy programs, should be protected with a password or PIN. A password manager will enable your staff to avoid re-using passwords and to store them securely.
5. Avoiding phishing attacks
Phishing – the sending of fraudulent emails that contain viruses or dodgy links – is the most popular way for cyber attackers to infiltrate your network. Protecting against phishing requires technical and human defences.
Ensure the accounts of your staff do not enable them to access parts of the company they do not need to. Protect administrator accounts: they should not be used for internet browsing or email.
Many of the latest technical defences struggle to stop phishing emails. You need to equip your staff with the confidence and knowledge to spot phishing and report any suspicious phishing emails. This can be done using the latest threat updates (see here).
Implementing the 5 steps
This is a summary of the NCSC advice. Like most things related to cyber security, it’s more complex to implement the guidance than to understand it.
We at 2tela are experts at understanding our clients, assessing their needs, and working with them to implement cyber protection.
If you would like an initial free discovery call to discuss how to put in place the 5 steps, please click here