It is easy to think that cyber attacks only affect big businesses, but we have seen an increase in small businesses becoming caught up in incidents as innocent bystanders.
Attackers are becoming smarter and using techniques which affect the biggest number of victims with as little effort as possible, which is why it’s more important than ever to make sure your security is up to the challenge.
In order to fully protect yourself and your business there are processes that also need to be put in place as well as just adding layers of security and in this blog we will look at how you can do this.
Am I at risk?
Unfortunately in this day and age, if you have computers connected to the internet then you are at risk of a cyber attack and, while we don’t want to scare anyone, you can invest in all the security offered to you, but if criminals want to get in, they will likely find a way.
This is why it is equally as important to know how to mitigate and recover from an attack as it is to protect against them as putting all your effort in prevention will mean you are at risk of losing more when/if an attack happens.
This is a pitfall that many businesses fall into and why they ultimately end up far worse off than if they’d worked on the assumption of the risk being there than not.
Where do attacks come from?
Like most criminals, we don’t know much about them and when one technique is uncovered they change tactics to continue their schemes.
However we have recently seen an increase in small businesses being caught up in attacks targeted at bigger companies such as their suppliers because their contact details and information are on the affected system and used by the criminals to get access to more and more systems.
We also know that the majority of attacks originate from spam or phishing emails where one person on a server clicks a bad link and the hackers get access to the whole system – this is more of a risk for businesses using a physical on-site server than those which work in the cloud.
How to defend against cyber attacks
There are basic steps you can and should take to protect your business from cyber attacks. These include:
- Having up to date antivirus software
- A strong firewall
- Robust spam and phishing filters
- Staff training on identifying potential threats.
It is also important to keep yourself and your team up to date on emerging threats so you know what to look out for. If you receive a dodgy-looking email, check the ‘from’ address to see if it looks legitimate or not and, if you are still unsure, check online or with someone knowledgeable such as a trusted IT provider to see if it has been reported as a threat
How to prepare for an cyber attack
As we’ve mentioned previously, even with the best preparation in the world, attacks can still happen, so it is vital to prepare for how you will handle such a situation to make sure it isn’t a total disaster for your business.
All businesses should have a Business Continuity plan and a Disaster Recovery plan so that if the worst happens you and everyone else in your business knows exactly what to do.
A business continuity plan is an official document held within the business that sets out what will be done should certain events happen that means the ‘normal’ way of doing things can’t continue for a period of time whereas a Disaster Recovery plan is implemented when something catastrophic happens.
Included within it should be where backups are held, who has access to servers, and who can be brought in to assist getting things back on track. By having a robust backup schedule, and other mitigating measures in place, it means that affected machines can be taken offline and clean ones with safe data can be used to ensure the business can continue to operate.
We don’t want to scare anyone or to encourage hysteria, but it is important to be aware that the risks are very real for businesses of all sizes and that it is equally as important to plan your recovery as it is to prevent the attack from happening.
Tekserv is a Sophos Silver Partner and we can provide a range of cyber security services to make sure your equipment and data is protected.