As more and more businesses move online, small business owners are starting to consider their cyber security and how they can protect themselves and their customers from cyber attack. 

We talked to Andrea Manning, CEO of Cyberpie, at one of our Business Growth Webinars, and she took us through what cyber security is and the most common kinds of attacks. She also gave us some tips on simple, quick, and inexpensive ways to slowly increase cyber security for your business. 

In this guide, we’ll take you through these steps to help you build up your cyber security over time. 

What is cyber security?

Cyber security involves putting actions in place to protect your online systems, programmes, data, and devices from cyber attack. A cyber attack is any attempt by a cybercriminal or “hacker” to damage or destroy a computer network or system. 

Hackers may try to attack your networks to get access to private details stored there, such as credit card details, or to hold the software you need to run your business ransom until you pay for it to be released. However, there are simple steps you can take to protect yourself from attack and mitigate the damage if an attack does happen. 

Different kinds of cyber attack

There are two main categories of cyberattacks:  

  • Targeted attacks 
  • Non-targeted attacks 

Targeted attacks are designed to specifically attack one individual or group of individuals, such as a government agency. 

The more common type of attack for small businesses is the non-targeted attack. These are aimed at large groups of people via the internet in the hope that a small fraction will be successful. Cybercriminals will try to get individuals to give them access to a system, for example, by prompting them to give up their passwords. 

Understand how cybercriminals operate

Cybercriminals play on emotions to get people to make mistakes that let them commit cybercrimes. There are several emotions hackers manipulate to make us more open to cyber attack. 

  • Greed – 2 for 1 offers or money off offers tempt us to click suspicious links or give our credit card details 
  • Curiosity – we can’t help clicking links because we are curious and want to know what the links are. Hackers may try and get us to click by labelling the link as something interesting, like a video or news story. 
  • Urgency – cyber criminals often try and create a sense of urgency in their attacks. For example, they may send an email or message saying that your debit card isn’t working, and you need to enter your details so they can fix the problem 
  • Helpfulness – scammers often try to relate to people by making conversation. This may make you want to help them 
  • Fear – a hacker may tell you that your bank account has been hacked and will be emptied if you don’t click a link to reset a password 

In cases like these, it’s always best to double-check. For example, if you get a suspicious email claiming to be from your bank, go onto your bank’s website to find the contact email for customer support and reach out to them. They can verify whether the email is legitimate. 

How cyber security applies to small businesses

Cyber security is becoming more relevant for small businesses as cyber criminals get more sophisticated and the number of people they can target at any one time grows.  

  • The cost of cybercrime is growing – in 2021 the total economic cost of cybercrime was €9.6 billion. Cybercrime is becoming more profitable as more and more people are using the internet for personal and business use 
  • Almost half of online attacks are aimed at small businesses, but most are not set up to protect themselves. This can make small businesses especially vulnerable to attack 
  • Small businesses often use simple systems which may be easier to target. For example, many businesses will only use a single computer when they are starting out and won’t have access to an IT department 
  • Cybercriminals can target small businesses in several areas – they may try to access your business banking details, the banking details of your clients, or your client list with their email addresses 

The impact of cybercrime on your business

Cybercrime can have several short-term and long-term effects on your business.

  • Financial losses from loss of banking details or disruption to your business
  • High costs to secure your business against cyber threats
  • Damage to your reputation if your customers find out their data was breached

Where small businesses are vulnerable

There are a number of areas your small business may be vulnerable to attack. By knowing the areas cybercriminals target you can make a plan to protect your business.

  • Passwords

    Having passwords that are too simple and easy to guess or using the same password for more than one account can make it easier for cybercriminals to target your business

  • Clicking suspicious links

    Hackers will often send links in emails that encourage you to click. These links often lead to viruses which are then downloaded onto your computer or device

  • Human error

    Everyone is human and makes mistakes. However, these mistakes can make individuals and businesses more open to attack. Mistakes that might compromise your cyber security include sharing your passwords with others

  • Invoice fraud

    Cyber criminals may target businesses by sending them emails pretending to be a service provider and prompting them to pay a bill. It can be tempting to do this right away to avoid outstanding bills. If in doubt you should always contact your service provider directly

  • Ransomware

    This kind of attack involves a cybercriminal accessing your files and asking for money before they will give them back to you

  • Social media

    Cybercriminals can also target business social media accounts. They may lock your account and ask for payment to unlock it

Quick wins

There are several simple, quick, and inexpensive steps you can take to increase your cyber security and protect your business from attack.

Secure your email – Google offers a free security check-up where you can see whether your account has been breached, how many devices are signed in to your account, and any recent activity, such as password changes. You can also check which apps you have signed into with your Google account. You should sign out of any apps you don’t recognise or use anymore and change your password if you don’t recognise any of the activities 

Secure your Social Media – set up 2-factor authentication for all your business and personal social media accounts. This means that if someone attempts to access your account from a new device, a code will be sent to you via your phone or email to confirm if it is you. If someone does access your account without permission, you can use 2-factor authentication to change your password and regain access 

Use a free website security check and malware scanner – sites like Sucuri will check your website for known malware, viruses, blacklisting status, website errors, out-of-date software, and malicious code. One good habit to adopt is using sites like these once a month to ensure your website is safe 

Protect your Passwords – most modern hackers don’t need to break into online accounts. They can often just guess users’ passwords. If your password is something easy to guess, like your children’s or pet’s names, hackers can easily find this information from your social media accounts and attempt to hack into your accounts using these as passwords. You can check whether your email or phone is in a data breach using sites like haveibeenpwned 

Use a password manager – password managers like Keeper, Dashlane, and 1Password, allow you to store complex passwords and input them automatically to sites when you want to sign in on your device. Sign up for free trials to test the different password managers on offer and find one that suits your business 

Check suspicious links – sites like VirusTotal can tell you if a particular link is associated with a scam. This might not be 100% effective for new scams the tool isn’t aware of yet, but it is still good practice to use 

Back up your data – if your data is hacked, it’s important to have regular backups you can fall back on so your business can continue while you work on a solution 

Have a leavers policy – you should have a policy for any employees leaving your company to make sure they don’t maintain access to company passwords after they leave 

Lock up your data – simple methods such as making sure computers are locked when you leave the room can help protect your business computers from cyber attack 

What to do if you are a victim of a cybercriminal

If you are a victim of cybercrime, there are steps you can take to limit the damage done to your business. 

  • Have a plan in place – you should have a plan in place in case of a cyber attack. This includes what you will do if your website goes down. Consider how you will contact your developer and whether you can do so on a weekend or holiday. Create a plan of action if all systems are down. For example, consider how you will pay staff if your payroll system is down 
  • Educate your employees – make time to hold cyber security workshops for all employees. Make sure everyone in the business knows what to do in case of cyber attack. Focus on having a culture of openness and don’t blame employees for human error. Employees should feel comfortable admitting mistakes so they can be addressed as soon as possible 
  • Let the Data Protection Commission know – in case of a data breach where a cybercriminal accesses private data, you must let the Data Protection Commission know within 72 hours. You should assign someone to do this in case of attack 
  • Take your time – a cyber security strategy can’t be built overnight. Create a list of actions you can take to increase security in your business and do one action a week. This way, you can build your protection up over time. 

Cyber security courses

Cyberpie specialise in helping small businesses build up their cybersecurity over time. They can provide you with actions that take as little as 5 minutes a week. Their courses can help you spot and fix security risks, meet your GDPR requirements and build your customers’ trust. 

You can book a 90-minute cyber security health check with Cyberpie or check out their subscription options to find one that suits your business. You can also contact Andrea directly for advice by emailing andrea@cyber-pie.com 

In summary...

Cyber security is becoming a priority for many small businesses as more and more people (and customers) move online. However, cyber security doesn’t have to be expensive or take a lot of time. By taking small actions every week, you can build up your cyber security over time and protect yourself and your customers from online attacks.
