As more and more businesses move online, small business owners are starting to consider their cyber security and how they can protect themselves and their customers from cyber attack.
We talked to Andrea Manning, CEO of Cyberpie at one of our Business Growth Webinars, and she took us through what cyber security is and the most common kinds of attacks. She also gave us some tips on simple, quick, and inexpensive ways to slowly increase cyber security for your business.
In this guide, we’ll take you through these steps to help you build up your cyber security over time.
What is cyber security?
Cyber security involves putting actions in place to protect your online systems, programmes, data, and devices from cyber attack. A cyber attack is any attempt by a cybercriminal or “hacker” to damage or destroy a computer network or system.
Hackers may try to attack your networks to get access to private details stored there, such as credit card details, or to hold the software you need to run your business ransom until you pay for it to be released. However, there are simple steps you can take to protect yourself from attack and mitigate the damage if an attack does happen.
Different kinds of cyber attack
There are two main categories of cyberattacks:
- Targeted attacks
- Non-targeted attacks
Targeted attacks are designed to specifically attack one individual or group of individuals, such as a government agency.
The more common type of attack for small businesses are non-targeted attacks. These are targeted at large groups of people via the internet in the hopes that a small fraction will be successful. Cybercriminals will try to get individuals to give them access to a system, for example, by prompting them to give up their passwords.
Understand how cybercriminals operate
Cybercriminals play on emotions to get people to make mistakes that let them commit cybercrimes. There are several emotions hackers manipulate to make us more open to cyber attack.
- Greed – 2 for 1 offers or money off offers tempt us to click suspicious links or give our credit card details
- Curiosity – we can’t help clicking links because we are curious and want to know what the links are. Hackers may try and get us to click by labelling the link as something interesting, like a video or news story.
- Urgency – cyber criminals often try and create a sense of urgency in their attacks. For example, they may send an email or message saying that your debit card isn’t working, and you need to enter your details so they can fix the problem
- Helpfulness – scammers often try to relate to people by making conversation . This may make you want to help them
- Fear – a hacker may tell you that your bank account has been hacked and will be emptied if you don’t click a link to reset a password
In cases like these, it’s always best to double-check. For example, if you get a suspicious email claiming to be from your bank, go onto your bank’s website to find the contact email for customer support and reach out to them. They can verify whether the email is legitimate.
How cyber security applies to small businesses
Cyber security is becoming more relevant for small businesses as cyber criminals get more sophisticated and the number of people they can target at any one time grows.
- The cost of cybercrime is growing – in 2021 the total economic cost of cybercrime was €9.6 billion. Cybercrime is becoming more profitable as more and more people are using the internet for personal and business use
- Almost half of online attacks are aimed at small businesses, but most are not set up to protect themselves. This can make small businesses especially vulnerable to attack
- Small businesses often use simple systems which may be easier to target. For example, many businesses many will only use a single computer when they are starting out and won’t have access to an IT department
- Cybercriminals can target small businesses in several areas – they may try to access your business banking details, the banking details of your clients, your client list with their email addresses
The impact of cybercrime on your business
Financial losses
High costs
Damage to your reputation
Where small businesses are vulnerable
-
Passwords
Having passwords that are too simple and easy to guess or using the same password for more than one account can make it easier for cybercriminals to target your business
-
Clicking suspicious links
Hackers will often send links in emails that encourage you to click. These links are often viruses which are then downloaded onto your computer or device
-
Human error
Everyone is human and makes mistakes. However, these mistakes can make individuals and businesses more open to attack. Mistakes that might compromise your cyber security include sharing your passwords with others
-
Invoice fraud
Cyber criminals may target businesses by sending them emails pretending to be a service provider and prompting them to pay a bill. It can be tempting to do this right away to avoid outstanding bills. If in doubt you should always contact your service provider directly
-
Ransonware
This kind of attack involves a cybercriminal accessing your files and asking for money before they will give them back to you
-
Social media
Cybercriminals can also target business social media accounts. They may lock your account and ask for payment to unlock it
Quick wins
Secure your email – Google offers a free security check-up where you can see whether your account has been breached, how many devices are signed in to your account, and any recent activity, such as password changes. You can also check which apps you have signed into with your Google account. You should sign out of any apps you don’t recognise or use anymore and change your password if you don’t recognise any of the activities
Secure your Social Media – set up 2-factor authentication for all your business and personal social media accounts. This means that if someone attempts to access your account from a new device, a code will be sent to you via your phone or email to confirm if it is you. If someone does access your account without permission, you can use 2-factor authentication to change your password and regain access
Use a free website security check and malware scanner – Sites like sucuri will check your website for known malware, viruses, blacklisting status, website errors, out-of-date software, and malicious code. One good habit to adopt is using sites like these once a month to ensure your website is safe
Protect your Passwords – most modern hackers don’t need to break into online accounts. They can often just guess users’ passwords. If your password is something easy to guess, like your children’s or pet’s names, hackers can easily find this information from your social media accounts and attempt to hack into your accounts using these as passwords. You can check whether your email or phone is in data breach using sites like haveibeenpwned
Use a password manager – password managers like Keeper, Dashlane, and 1Password, allow you to store complex passwords and input them automatically to sites when you want to sign in on your device. Sign up for free trials to test the different password managers on offer and find one that suits your business
Check suspicious links – sites like virustoatal can tell you if a particular link is associated with a scam. This might not be 100% effective for new scams the tool isn’t aware of yet but is still good practice to use
Back up your data – if your data is hacked, it’s important to have regular backups you can fall back on so your business can continue while you work on a solution
Have a leavers policy – you should have a policy for any employees leaving your company to make sure they don’t maintain access to company passwords after they leave
Lock up your data – simple methods such as making sure computers are locked when you leave the room can help avoid your business computers from cyber attack
What to do if you are a victim of a cybercriminal
If you are a victim of cybercrime, there are steps you can take to limit the damage done to your business.
- Have a plan in place – you should have a plan in place in case of a cyber attack. This includes what you will do if your website goes down. Consider how you will contact your developer and whether you can do so on a weekend or holiday. Create a plan of action if all systems are down. For example, consider how you will pay staff if your payroll system is down
- Educate your employees – make time to hold cyber security workshops for all employees. Make sure everyone in the business knows what to do in case of cyber attack. Focus on having a culture of openness and don’t blame employees for human error. Employees should feel comfortable admitting mistakes so they can be addressed as soon as possible
- Let the Data Protection Commission know – in case of a data breach where a cybercriminal accesses private data, you must let the Data Protection Commission know within 72 hours. You should assign someone to do this in case of attack
- Take your time – a cyber security strategy can’t be built overnight. Create a list of actions you can take to increase security in your business and do one action a week. This way, you can build your protection up over time.
Cyber security courses
Cyberpie specialise in helping small businesses build up their cybersecurity over time. They can provide you with actions that take as little as 5 minutes a week. Their courses can help you spot and fix security risks, meet your GDPR requirements and build your customer’s trust.
You can book a 90-minute cyber security health check with Cyberpie or check out their subscription options to find one that suits your business. You can also contact Andrea directly for advice by emailing andrea@cyber-pie.com
In summary...
Cyber security is becoming a priority for many small businesses as more and more people (and customers) move online. However, cyber security doesn’t have to be expensive or take a lot of time. By taking small actions every week, you can build up your cyber security over time and protect yourself and your customers from online attacks.
Kelly is the Marketing Manager at Kinore. Kelly is passionate about making the complexities around running a business simple to understand and accessible to the every-day person. Kelly holds a Bachelor of Science (BSc) in Marketing from Dublin Institute of Technology.