How to improve your IT security
Despite common misconceptions, smaller businesses are a prime target for cyber criminals. We provide a practical and multi-faceted approach to improving IT security for SMEs.
When it comes to IT security for SMEs, there is a large discrepancy between perception and reality. This is particularly true among smaller businesses. In the UK, SMEs account for 99.2% of private sector business and contribute £2.3tn to the economy.
It is not surprising, therefore, that they are an attractive target for cyber criminals. Many companies, however, believe they are too small to be targeted. In reality, SMEs account for 66% of cyberattacks and are the sector most at risk. Smaller companies are less likely to have sophisticated security defences in place. This makes them an attractive target for cyber criminals who look to exploit any potential vulnerabilities. Just as smaller businesses are less likely to have robust cyber security defences, they are also less likely to have the resources to respond to an attack. Attacks can be costly in terms of restoring your systems, data loss, potential reputational damage and risk to your clients’ systems. So with increasingly sophisticated cyber-attacks, how can you protect your business?
How to improve your IT Security - SME Checklist
As always, prevention is better than cure. We advocate a multi-faceted approach to securing your systems, taking into account your software, hardware, policy and education. Whilst the list below is not exhaustive, it provides a good starting point:
- Patch Updates: Microsoft and other software vendors regularly issue patches to secure vulnerabilities, fix bugs and improve features. Deploying these patches quickly closes vulnerabilities which may otherwise be exploited by cyber-criminals. Patching is arguably one of the most important aspects of your IT security strategy.
- Antivirus software: If you are using the internet, email or transferring files, your computer is exposed to malware. Antivirus software helps protect against these threats. Whilst there are numerous products available, we recommend Trend Micro. This software offers heightened levels of protection, without affecting user performance or speed.
- Firewalls: Sitting at the gateway to your systems, firewalls inspect all data passing in and out of your network. They help to identify and block unwanted traffic. Depending on your budget and requirements, the specification of firewalls varies significantly. We are therefore happy to discuss the options available.
- Email: 91% of attacks start through email via phishing or spear-phishing. Attacks are becoming more sophisticated and difficult to detect. In particular, impersonation tactics are used to steal credentials and company data. There are, however, cloud solutions, such as Mimecast, that offer targeted threat and malware protection. These remove threats before they reach your network.
- Policy: An effective IT Policy will help employees understand what is acceptable practice. Policies should address password privacy and management, regular patch updates and restricted administrator access. In addition, they should provide guidance on internet and email usage.
- Education: Raising awareness of IT security will help employees react appropriately when exposed to a threat. In fact, employee education is one of the most effective ways to enhance your company’s overall IT security strategy. We recommend using penetration testing and phishing simulations to identify vulnerabilities and raise awareness.
- Cyber Essentials: We recommend becoming Cyber Essentials certified. This is a government-led scheme which identifies 5 key control measures to protect your business against the most common cyber threats. According to the UK government, it could prevent around 80% of cyber-attacks. Certification starts from as little as £300+VAT and can help you meet your GDPR compliance requirements, as well as demonstrating your security commitment to customers and suppliers.
For more recommendations, check out our Top 6 tips to secure your endpoints from cyber-attack.
Summary
In summary, SMEs are a prime target for cyber criminals. This is not only because of their weaker defences but also because they are an attractive route into larger companies with whom they work. Whilst small businesses are starting to appreciate the implications of cyber-attacks, many still have a lot to do to secure their systems. Putting steps in place to protect your business now can avoid future reputational damage, data loss or fines. This is particularly important now that GDPR has come into force. For more information on how to improve IT security for SMEs, please get in touch.