SMEs: How to arm your business against cyber crime


Anna White Enterprise and Property Correspondent

July 22, 2014

Ten tips for entrepreneurs in the fight against cyber crime

Small British businesses are under attack every day from cyber criminals yet, according to experts at accountancy firm KPMG, two thirds of all companies disregard the threat.

A lack of resources can render SMEs vulnerable compared to the rich pickings of the FTSE 250, so arm yourselves with these basic tips.

1 Know your enemy

Sit down with your board to discuss and agree what information or assets your competitors, or criminals, may want to get their hands on.

Think about how they could access it – can they hack into your emails or bribe employees for info? – and make sure you have appropriate steps in place to protect it.

This could be firewalls or encrypted files and it could be clarifying disciplinary procedures for staff breaching confidentiality.

2 Be on the front foot

Talk to your sponsors or investors about the threat to the business and seek their financial support to have protection in place before anything happens. Think of it as car insurance – after all, you’d take out a policy before a crash.

3 Hoard and share intelligence

Don’t think ‘it’ll never happen to me’. Use government websites to keep abreast of the current threat level and latest ways criminals hack into systems to be aware of what attacks are out there, rather than do nothing.

4 Train staff

Don’t assume your people have knowledge.

Remind them not to open emails from unknown sources and ensure they don’t readily share information without knowing who they are talking to.

5 Trust no one

Anti-virus isn’t the only answer. You need to educate your staff about sharing files, opening files from external sources and clicking on links that may be unsafe. Don’t solely rely on your IT provider for security of company data and systems. Delegate at your peril.

6 Home and mobile working

Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline build to all devices. Protect data both on the move and at rest.

7 Don’t panic Mr Mainwaring

Establish an incident response and disaster recovery plan. Just like a fire drill, practice and perfect your reaction to a hacking and nominate a skilled “cyber warden”. Always report criminal incidents to law enforcement.

8 Create a strong password

This is your front line of defence. Think of a password as a sentence not a word, misspell it and include numbers and capitals. Remember to change the default passwords which are often “admin” or, even less imaginatively, “password.”

9 Home guard

As the managing director of a small business a breach of your personal details may well provide an entry point to your business.

Bank safely online, check websites are safe before entering financial details and shred your bills or any correspondence with information that may jeopardise your personal identity.

10 Don’t become an accomplice

Familiarise yourself with the Data Protection Act. If customer data is compromised by, say, the theft of an employee laptop in a pub after work, your business reputation could suffer. On top of that there could be a hefty fine, starting at £500,000.

Great ! Thanks for your subscription !

You will soon receive the first Content Loop Newsletter