Digital technology has revolutionised the way we do business. But are you taking the correct precautions to stay safe online?
Why cyber resilience?
Protecting ourselves from cyber crime is essential for Scotland’s reputation as a secure location in which to do business. Consumer confidence drives business growth, making our economy more competitive. Cyber resilience makes sense for Scotland but also locally for small businesses.
Practicing cyber resilience will help you to:
- Enhance and strengthen your business’ reputation
- Show customers and suppliers you take confidentiality seriously
- Bid for contracts
Prevention is cost-effective and being resilient is an opportunity to create value and differentiate your business from your competitors.
It’s also a key decision for your business and shouldn’t just be left to your IT department.
Know the risk
Companies from across different industries and sectors are targeted by cyber criminals on a daily basis for their intellectual property or customer data.
Research has shown that although SMEs are under threat, they often underestimate their risk.
Last year, more than 60% of SMEs in Scotland experienced a security breach but 65% still think they are not a target. Nearly 40% spend nothing on security.
Cyber security should be seen as similar to physical security: passwords are locks, firewalls are fences, anti-malware is the alarm system and backing up data is content insurance.
Spot the danger
Businesses can be targeted through various mediums. Two of the most common are phishing and ransomware.
When hackers send emails to trick employees into clicking links or opening attachments, it's known as phishing.
It’s estimated that 91% of targeted cyber attacks begin with a phishing e-mail. On average, 23% of users open these emails, and 11% open the attachments.
These often take the form of instructions to pay an invoice, update a password or claim a prize. Other tell-tale signs include:
- Absence of name
- Being asked to visit a website or open an attachment
- Spelling mistakes and poor grammar
- An email address similar to a real company but with extra characters
- A different website shown to the link when hovering your mouse over the text
Increasingly common, malware locks the files on a computer and demands a ransom.
It's important to regularly backup data to reduce this threat. Paying criminals is risky, and there’s no guarantee they will unlock the files.
Protecting your business
Most attacks come about because an employee clicks on a link or makes a mistake.
Educating your employees to recognise attempted cyber attacks will help protect your business. The consequences of cyber crime can be significant, encompassing everything from reputational damage, financial loss or access to key systems.
Employees should be aware of the importance of having strong passwords, ensuring that devices holding data are password-protected. They should also observe basic security measures, locking computer screens when leaving desks and avoiding conducting business over WiFi.
5 key security steps to consider for your business:
1. Boundary controls
Install firewalls to prevent unauthorised access to your site. Password protect your WiFi and avoid using public WiFi when conducting business.
2. Secure configuration
Limit opportunities for attackers by disabling unused accounts and services. Use strong passwords and back your data up regularly
3. Access control
Restrict access to valuable data and systems by making sure accounts are cancelled when employees leave the company. Log out of computers when unattended and set up administrator accounts
Anti-malware technology scans computers for malicious files. Make sure to install and set to automatically check for updates to protect against new threats.
Hackers target old and vulnerable systems. Stay safe by making sure yours are up-to-date.
Further help and advice
To keep your business protected from online crime, speak to your local Business Gateway or your Scottish Enterprise or Highlands and Islands Enterprise adviser (if you have one), or contact the Scottish Business Resilience Centre.
Cyber resilience guidance from the Scottish Business Resilience Centre