When it comes to choosing cyber security for your business, you’ll want to make sure that all of your important information is properly protected. However, depending on the size of your company and what you do for your customers, you won’t want to pay for things you don’t need.
In this post, we’ll look at security options for small businesses and enterprise-level organisations, and help you work out which one is most appropriate for you.
What is small business cyber security?
When it comes to protecting small businesses, the National Cyber Security Centre (NCSC) outlines five key areas that it recommends you focus on.
- Data backup*
- Protecting against malware
- Protecting BYOD
- Password security
- Avoiding phishing attacks
*We advise that you include disaster recovery along with data backup.
For small businesses, the most important thing is to ensure all sensitive information is protected, especially anything that relates to clients. A cyber breach of systems can have a huge impact on smaller companies and, depending on how long it takes to resolve the issues, can actually force them to close down or declare bankruptcy.
1. Data backup & disaster recovery
A good data backup system regularly makes a copy of all the data your company has on its server. If the worst happens and data is lost, you can have the most recent information reinstalled from the backup.
Disaster recovery is the term given to the steps you have in place for recovering that lost information. Including business continuity means that key tasks are still carried out until data is restored, which minimises the costs of downtime.
2. Protecting against malware
Malware is an abbreviation of the term ‘malicious software.’ There are all kinds of malware out there which cyber criminals use to compromise your company’s data and to find and exploit weaknesses and vulnerabilities in your IT systems.
For example, ‘ransomware’ prevents access to your information while the criminal demands payment for access to be restored. Malware may also be adverts which are installed without you realising, or a virus of some kind.
3. Protecting BYOD
Employees are using their own smartphones and tablets for work purposes far more than they used to, a practice known as bring your own device (BYOD).
If you allow this in your business, then any BYOD device must be as well protected as your own machines. Think about password protection and restricting access to certain information.
4. Password security
Guessing or bypassing the password on someone’s computer is one of the easiest ways for a hacker to get into your system and cause all kinds of damage.
ATG recommends a robust policy which outlines how staff should set and protect their passwords. You may want to consider using a password manager or two-factor authentication (2FA) for additional security.
5. Avoiding phishing attacks
Phishing is a technique used by cyber criminals to trick people into sharing passwords, personal information and financial details such as bank account or credit card numbers.
Once the criminal has this information, they can get into your internal systems, access intellectual property and client folders, cause a data breach or loss, steal your identity, cost you money, cause downtime and damage your reputation. Protecting against phishing is vital.
If you want to be sure your small business is adequately protected against cyber attacks, you might like to consider NCSC Cyber Essentials certification, under which your IT systems are assessed and accreditation is awarded once it has been verified that you’ve taken all appropriate measures.
What is enterprise-level cyber security?
Of course, enterprise organisations also need to protect themselves against the threats outlined above, but there are additional factors you need to take into consideration.
Rather than focusing only on the information you hold within your own servers, at enterprise level you need to include any cloud-based storage or tools that you use. Enterprise cyber security also covers third-party providers and, if you’re in a supply chain, any other businesses in it.
Enterprise cyber security helps you to protect information while it travels to cloud servers, wireless devices or other people’s servers and devices. It also protects endpoints which may connect to your network.
Multiple devices are connected across multiple networks, and there are many interconnected systems. If you have more than one office location or staff work remotely or on the road, data needs to be secure. Because of this, your enterprise may be more vulnerable to hackers – there are many more potential entry points for them to target.
One way you can protect your data is by adding extra security layers – restrict access even further so everything not related to an individual’s job is unavailable to them. Increase system monitoring, or ask a third-party provider to do that for you, so any potential breaches can be spotted and dealt with quickly.
Predictive cyber security tools are often used by enterprise organisations to act as an early warning system and analyse what type of threat is targeting your data. Next-generation firewalls strengthen server ‘perimeters’ and block attempted hacks. It’s also essential to note that many breaches can go undetected for long periods, so deal with attacks as soon as possible.
Regardless of what type of cyber security you need to have in place, you must communicate clearly with your staff on how to keep their own devices safe. Produce policies and procedures and make sure everyone knows where these are stored. Include security in the induction process, and offer refresher training regularly.
If you have any questions about the level of cyber security your organisation needs, why not give our team a call - we'd love to hear from you!