When it comes to protecting your SME against lurking cyber-security threats, there are a number of obvious steps you’ll probably have taken already – for instance, setting strong passwords, encrypting sensitive files, installing anti-virus software and warning employees not to click links in dodgy-looking emails.
But it’s also likely that there are some key vulnerabilities that you’ve overlooked in your preparations. However hard you try, the truth is that there’s always more that can be done to safeguard your company against a cyber-attack. So, whilst it might seem like you’re fighting a losing battle, don’t be disheartened! Getting the small things right does make a difference and helps to bolster your defences.
We’ve identified some of the key hotspots for cyber-threats that tend to be ignored or forgotten about – so make sure these are on your radar!
- Old equipment – Outdated computers and other legacy machines that are connected to the internet may still seem to function as well as you need them to, but many are no longer supported by their manufacturers. Keeping hardware and software up to date is vital for warding off the latest cyber-threats. So, if any tech that you’re using within your business no longer has security updates available, it’s a good idea to look at replacing it with a newer version.
- Third-party software – The way in which software and apps are developed has evolved in recent times – third-party programs have become favoured over those created by the vendor, and are often built using open-source tools. Whilst this method can provide greater freedom and scope for creativity, the security and testing procedures are often far from rigorous. This can open the door to cyber-attacks and leave users’ sensitive information exposed.
- Remote workers – Flexible and remote working has indisputable benefits, but it can also be the root of some serious cyber-security issues. It’s crucial to ensure that any WiFi network used to access company files or sensitive information – including emails – is secure, and you should encourage the use of a Virtual Private Network (VPN) if using public internet is unavoidable. Introducing a BYOD (bring your own device) policy – covering things like password protection, encryption and updates – is also a good idea if employees use their own phones, tablets or laptops for work.
- Outdated training – If high security standards are to be retained, employee training needs to keep up with evolving technology – and threats. Outdated knowledge and lapsed awareness of the security risks out there can pose a significant danger to businesses, so keep an eye on trusted sources – such as the National Cyber Security Centre website – for updates on the latest cyber-threats and advice on how to prepare your team.
- Social media hacks/scams – It might not have even crossed your mind, but the hijacking of your company’s social media accounts could have some serious real-world impact on your wider business – most notably sales and reputation. It’s therefore a good idea to limit the number of employees with access to your accounts – ideally just one or two – to minimise the chance of a password leak or a phone being lost. You should also consider implementing a company-wide policy, to ensure that staff know never to send sensitive details via these channels, to be wary of any offers and to be careful about how much information is shared relating to internal business operations.
- IoT – The Internet of Things encompasses a huge number of different connected devices. Appliances as seemingly innocent as printers, speakers and refrigerators now have the potential to be hacked, so being aware of precisely what items you have connected to your business WiFi network – and your home internet, if you work remotely – is essential. Many IoT devices don’t come with guaranteed long-term system support from the manufacturer, so be sure to do your research before investing in such tech.
- Human error – At the end of the day, we’re all human, and sometimes mistakes are made. However, it’s precisely this vulnerability that many cyber-attacks rely upon directly – phishing attacks work by lulling email recipients into a false sense of security or urgency, for instance. So, it’s crucial to be aware of such social engineering tactics, and ensure your workforce is equipped with enough knowledge and understanding to remain vigilant in the face of such threats. Where cyber-security is concerned, employees can either be your most effective line of defence or your biggest weakness – it largely comes down to the training and resources they’re given.
- Limited resources – Although there are a number of steps you can take to enhance your cyber-defences that don’t cost a thing, some investments will need to be made. Looking at the bigger picture, the benefits of paying out for a system update, some in-house cyber-security training for staff or vital software upgrades vastly outweigh the potential financial consequences of a cyber-attack. Aside from the possibility of payment details being stolen, failure to secure sensitive information relating to clients, customers, employees or anyone else could lead to some hefty penalties under the GDPR. So, be sure to prioritise cyber-security within your IT and wider business budgeting.
And remember – you don’t have to go it alone! For smaller companies and those with minimal in-house technical expertise, outsourcing IT support can be a brilliant – and cost-effective – solution. Whilst it’s important to have a good understanding of cyber-security, enlisting specialist help – instead of trying to become an expert yourself – can free up valuable time for you to focus on doing what you do best.
Our 12-step cyber-security guide is a great free resource to help boost your SME’s defences! Why not get in touch today to discover more about how we could help support your company?