Small businesses are most at risk from cyber attacks, but planning ahead can make the difference between a swift recovery and company closure
Small businesses make the most tempting targets to hackers. They don’t have the same money to spend on security as big international companies, meaning that someone with even a passing knowledge of malware has a good chance of infiltrating a local store or company’s data, and ransoming it or selling it for a nice profit. It’s low risk and high reward, which is why small businesses need to know exactly what to do to repel cyber attacks, as well as what to do if the worst should happen.
You might not be able to plan for every possible type of incident, but by identifying your weak spots you can better armour yourself against malware. Follow the guide below to armour your business against cyber security incidents, with help from the experts at Syntax IT Support.
Know what you need
Ask yourself: what electronic data do I absolutely need for the day to day running of my business? Where is this data stored? Is it on a single machine in your office, a remote server, or in the Cloud?
Wherever you keep it, this is the data that needs to be backed up regularly: the contact details, documents, emails, calendars and financial reports that your business relies on. Every Monday morning or Friday evening, back this data up, and ensure that the backup is working. Then if this data is wiped, you will have another copy to hand, and will have lost a few days worth of data at most, as opposed to weeks or months of it.
A big part of damage control after a cyber attack will involve contacting clients/customers and suppliers, so that they are not also affected. Keep an up-to-date list of contact details in a secure location that you and your staff can easily access, to provide alternative suppliers and alert them to any disruption they may face. This will limit the reputational damage that comes after a cyber attack.
Identify the target
Cyber criminals will target what is most important to the running of your business. Consider what would happen if you did not have access to those resources and assets you’ve identified above. This will help you understand what’s important to your business, why it’s important, and what you are currently doing to protect them, and where you need additional protection.
Discussing what your business values and what you’re doing to protect it should be part of your daily business procedure. Make it a feature of weekly meetings or morning briefings, and inform yourself of any cyber attacks in your local area, or on businesses similar to your own, so you know whether cyber security needs to climb higher on your list of priorities.
A business is made up of the people who work there, so include your staff in your incident plans. Assign specific responsibilities to specific employees in the event of a cyber attack. One person can be in charge of retrieving phone numbers, for example; another of restoring backups in the event of data loss. Document which staff members hold which responsibility, and how they may be contacted in an emergency.
After you have assigned tasks, you should test your staff’s understanding of their role regularly through exercises. This will help you to identify any weak spots, and tweak your plan accordingly.
Hackers don’t expect small businesses to be able to fight back against malware or ransomware, but by preparing your company for the worst, you will ensure that any attack on you is destined to fail.