The Federation of Small Businesses reported that 42 per cent of its membership had been affected by cyber crime in some way during 2014 and that on average each of these attacks had cost the businesses in question over £4,000.
Cybercrime, from simple viruses to complex fraud, is a modern day thorn in the side of every business leader but it is our responsibility to make sure that our businesses, customers and bank accounts are fully protected and that we keep the protection up to date and current. The disruption caused by cybercrime is a serious barrier to growth and can cause irreparable damage to a business’ capability to trade and its reputation.
As with physical security, the motivations for breaches of computer security vary. Some are thrill-seekers or vandals, others are activists or criminals looking for financial gain. state-sponsored attackers are now common and well resourced, but started with amateurs such as Markus Hess who hacked for the KGB, as told by Clifford Stoll in the 1989 thriller “The Cuckoo’s Egg”.
The top ten tips for the online security of businesses looks like this:
Implement a combination of security protection solutions including ant-virus, anti-spam and firewalls.
Carry out regular security updates on all software and all devices.
Implement a highly resilient password policy – passwords should have a minimum of eight characters and should be a random collection of letters, numbers, capitals, lower case and special characters.
All password should be changed regularly – best practice says on a weekly basis.
Secure your wireless network.
Implement clear and concise procedures for email, internet and mobile devices.
Train all staff in good security practices on an ongoing basis and consider / implement employee security checks.
Implement and test back-up plans, information disposal and disaster recovery procedures.
Carry out regular security testing on your website.
Check provider credentials and contracts when using cloud services.
If your business has been the victim of a cybercrime, you should report it to the police. This will enable the police to identify areas of concern, patterns of cyber crimes and may assist in identifying offenders. It may also stop other businesses falling foul of the same crime.
Large businesses with a substantial and knowledgeable IT departments may have a security specialist or team. The small business leader and owner are unlikely to be able to afford (and possibly do not need) this level of expertise in-house but there are a number of third party companies now who will provide you scanning and protection services along with off-site (usually in the cloud) storage and disaster recovery services.