Cyber security has become a fundamental element of business operations. Ever-changing and escalating cyber threats require investment in security policies, procedures and products no matter a company’s size, market or location.
Large organisations can afford dedicated and highly trained staff to focus on cyber security. SMEs often lack in-house experience and the necessary resources to invest in cyber security, making them vulnerable targets for hackers.
However, with the implementation and enforcement of stringent policies, regular training, and smart use of technology, businesses can do a lot to reduce risk and keep data safe. A methodical, step-by-step approach will get the most effective results.
Creating a cyber risk profile
Creating a security risk profile can help you determine how vulnerable your business is to cyber attacks. Assessing your business’s risk is an important first step to mitigating it.
The way to create a risk profile is to:
- Understand exactly what digital assets the business owns
- Identify threats
- Assess vulnerabilities
- Comprehend the potential effects of a network breach
- Quantify potential losses.
Rallying your defences
There are a number of steps, none of them overly complex or costly, that SMEs can take to protect data from cyber attackers:
- Devise, implement and enforce formal cyber security policies
- Train staff regularly on cyber risk and security. Current employees remain the top source of security incidents
- Install advanced anti-malware and anti-virus software solutions on all computers and mobile devices
- Rather than relying solely on such solutions, consider endpoint security solutions that use machine learning and greater system visibility to block attacks
- Keep software up-to-date. One of the largest breaches of consumers' private financial data was due to a failure to install the provided security updates in a timely manner
- Use firewalls, which can be implemented in hardware or software, to add a layer of protection by preventing unauthorised users from accessing a computer or network. Note that the protection offered by firewalls is only effective if your anti-virus software is up-to-date
- Install a remote backup solution so that if you are attacked, the compromised or lost data can be recovered from an alternate location
- Install encryption software to protect sensitive data, such as employee records, client/customer information and financial statements
- Employ two-step authentication or password-security software for internal programs to reduce the likelihood of password cracking
- Company devices, including laptops, PCs, tablets and smartphones, should be password protected
- Enable two-factor authentication (2FA) and/or install a password manager
- Regularly test your data security systems and procedures
- Monitor networks carefully, looking for unusual traffic spikes that can’t be explained
- Develop a data breach response plan that includes a communications strategy for notifying customers and staff
- Get cyber liability insurance. Your general liability policy will not enable you to recover losses or legal fees associated with a data breach. Some insurance companies offer coverage for SMEs that meets their budgets and risk-exposure levels. The cost of cyber crime insurance premiums can be affected by the extent of customers' cyber security protection and staff training programs.
How can you reduce your risk and reduce insurance premiums?
With Dacreed's powerful online compliance training you can train managers and staff in cyber security. Once completed, you'll be able to demonstrate a lower risk profile to our partner insurers and get lower premiums - saving you and your business money.