Top tips for small businesses to manage their cyber risk
Read time: 1 min Date Added: 05/12/2024
Giles and Sarah give 10 dos and 10 don’ts on how small businesses can manage their cyber risk, strengthen their cyber security and protect themselves against potential threats.
Dos:
- Do security training with your teams: Teach all your employees how to spot phishing emails, how to create strong passwords, and the importance of using the internet safely.
- Do encourage the use of strong passwords: Choose long passwords that are different for every account (three random words is an easy pattern to remember), use a password manager so staff do not have to memorise them, and turn on multi-factor authentication (MFA) wherever it is offered, starting with email and online banking.
- Do keep software updated: Regularly update operating systems, applications, and security software to protect your business against vulnerabilities.
- Do back up data regularly: Schedule regular backups, keep at least one copy offline or otherwise disconnected from your network so that ransomware cannot reach it, and test that you can actually restore from it.
- Do use firewalls, VPNs and antivirus software: Install and maintain a firewall and up-to-date antivirus on every device to protect networks and devices from malicious attacks, and use a VPN when staff connect from outside the office.
- Do limit access to sensitive information: Ensure that employees only have access to the information necessary for their roles.
- Do develop an Incident Response Plan: Create a plan for responding to cybersecurity incidents to minimise damage and recovery time, and think about how to recover the business, not just the IT.
- Do monitor your network: Use monitoring tools to look out for unusual activity and potential breaches.
- Do check out the small business guides: Both the National Cyber Security Centre website and Bank of Scotland (PDF, 2.2MB) have lots of free expert advice, tips and guides.
- Do contact your bank, the police, and your insurer: If your business does become a victim of a cyber-attack, let your bank know immediately, report it to the police via Action Fraud, and notify your insurer.
Don'ts:
- Don't forget mobile device security: Make sure mobile devices are protected as they can be a weak link in your cybersecurity defence.
- Don't use public Wi-Fi for business transactions: Avoid using public Wi-Fi for accessing sensitive business information unless you have a secure VPN.
- Don't ignore software vulnerabilities: Keep your business's software up to date to address known security flaws, and turn on automatic updates so that patches are applied without anyone having to remember.
- Don't reuse passwords: Ensure everyone in your organisation uses a different password for each device and service, and changes a password straight away if it may have been compromised (for example, if it appears in a data breach). Forcing routine changes every few months is no longer recommended by the National Cyber Security Centre, because it pushes people towards weaker, predictable passwords.
- Don't overlook physical security: Protect physical access to computers and servers; consider locks, security cameras, and access control measures.
- Don't click on unknown links or open suspicious attachments: Advise employees to verify the source before clicking on links or downloading attachments.
- Don't forget to secure your website and email: Use HTTPS, keep web applications updated, regularly test for vulnerabilities, and publish SPF and DKIM records for your domain together with Domain-based Message Authentication, Reporting and Conformance (DMARC), so that other mail systems can reject messages that spoof your domain.
- Don't assume you're too small to be targeted: Understand that cyber-criminals often target small businesses as they may have weaker security measures.
- Don’t panic if you experience a cyber-attack: Contact your bank, police, insurer and the National Cyber Security Centre for guidance.
- Don’t pay a ransom: If one is demanded, there’s no guarantee you will get your data back.