When it comes to digital security, the attitudes of small business owners are beginning to change. Across the UK, and across multiple sectors too, we are beginning to see a shift towards companies protecting themselves more robustly online. Even so, and regardless of the media coverage of hacking scandals, some still refuse to believe that a very real threat surrounds them.
The SME attitude is often that they have nothing to protect. Even some of the more tech-savvy directors we have dealt with assume that the data they hold is inconsequential and worth very little to a potential hacker. They also argue that there is no requirement under PCI rules for them to have security, as they don’t hold credit card or payment details on their network. These particular business owners are complacent, and often oblivious to what a potential cyber criminal’s true intentions really are. They are the weak link that allows damage to be caused.
This is because they offer a way for hackers to enter the networks of their clients. The information they hold may well seem insignificant from the outside, but it isn’t always the data the criminal requires. Instead, the criminal may be able to take the client information you unknowingly provide and use it as a route into your clients’ networks. The cycle then continues, as network after network is infiltrated, and potentially far more damaging breaches occur further on in the chain.
The most common response we hear from business owners when we play out the scenario of a potential hack is that they will revert to a backup. A good idea if, of course, you can pinpoint the exact moment you were infiltrated. Often a hacker can remain on your system for months, gathering data, exploiting your network and gradually making their way up the chain. Until you physically feel the consequences of a hack or have someone trace the link back to you, you may be unaware that you’ve even been hit. So, if reverting to a backup, how far back do you go to completely clear the system?
It takes minutes to hack, but often months to detect.
There are, though, several simple yet highly effective ways to both prevent and protect against potential breaches. We understand that for SMEs, there isn’t always the budget to invest heavily in digital security. This makes the actions below a crucial and inexpensive addition to any small business:
Regularly checking your system for irregularities is the surest way to spot a potential hack immediately. Whether you do this manually through your system logs or invest in software that can monitor and send alerts should a risk be detected, it is a crucial practice.
It is critical that you consistently update your software with the latest patches. Vulnerabilities will already exist, which is why updates are regularly released. By keeping your software current, you keep the chance of a weakness being found and exploited to a minimum.
For companies that employ multiple members of staff, having web controls across the organisation can ensure consistency and protection. When employees look to download files, for example, you can automatically assign them to what is known as a sandbox. This is a secure, controlled area of your server that allows you to open a file without the risk of releasing something dangerous into the network. Here, you can check its legitimacy, or have it completely removed if you find something sinister.
A honeypot in security terms is a file or document placed on a system that looks enticing to a potential hacker. It will advertise itself as holding valuable information. In reality, it is empty. There are two benefits to this. One, it diverts people away from the important data, and two, you know immediately that you are under threat if someone attempts to hack what is essentially an empty file.
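The honeypot idea above, as an added example that is not part of the original article: on a Linux file server, an auditd watch on the decoy file tags every access with a key, and the script below turns those log records into alerts. The decoy path, the key name honeyfile and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed, trimmed auditd records (not from the article). Assumes a watch rule
# on a hypothetical decoy:  auditctl -w /srv/share/Finance/payroll_passwords.xlsx -p rwa -k honeyfile
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1718000000.101:9001): arch=c000003e syscall=257 success=yes exit=3 pid=4120 auid=1003 uid=1003 comm="cat" exe="/usr/bin/cat" key="honeyfile"
type=PATH msg=audit(1718000000.101:9001): item=0 name="/srv/share/Finance/payroll_passwords.xlsx" nametype=NORMAL
type=SYSCALL msg=audit(1718000050.220:9002): arch=c000003e syscall=257 success=yes exit=3 pid=4130 auid=1001 uid=1001 comm="vim" exe="/usr/bin/vim" key="docs"
type=PATH msg=audit(1718000050.220:9002): item=0 name="/srv/share/Docs/minutes.txt" nametype=NORMAL
type=SYSCALL msg=audit(1718000099.007:9003): arch=c000003e syscall=257 success=no exit=-13 pid=4200 auid=1007 uid=1007 comm="python3" exe="/usr/bin/python3" key="honeyfile"
type=PATH msg=audit(1718000099.007:9003): item=0 name="/srv/share/Finance/payroll_passwords.xlsx" nametype=NORMAL
'''

MSG_RE = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def honeyfile_alerts(log_text, key="honeyfile"):
    """Group records by audit event serial; return one alert per event tagged with the decoy's key."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = MSG_RE.match(line.strip())
        if not m:
            continue  # not an audit record
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(body)}
        ev = events[serial]
        ev["time"] = float(ts)
        if rtype == "SYSCALL":
            # Who touched the file, with which program, and whether the attempt succeeded.
            ev.update({f: fields.get(f) for f in ("auid", "uid", "exe", "success", "key")})
        elif rtype == "PATH" and fields.get("nametype") != "PARENT":
            ev["path"] = fields.get("name")
    # Nobody has a legitimate reason to open the decoy, so denied attempts alert too.
    ordered = sorted(events.items(), key=lambda kv: kv[1]["time"])
    return [dict(serial=s, **ev) for s, ev in ordered if ev.get("key") == key]

if __name__ == "__main__":
    for a in honeyfile_alerts(SAMPLE_LOG):
        print(f'ALERT decoy touched: {a["path"]} auid={a["auid"]} exe={a["exe"]} success={a["success"]}')
```

The auid field is the login identity that survives su or sudo, so it is the value to check against staff accounts when an alert fires.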