Back to all resources

Protect your business from cyber attacks and data loss

More than half of UK small businesses are fearful of a cyber attack and data loss incident, research shows, but many don’t know how to prevent and deal with such an occurrence. Follow these tips to reduce the chances of the worst happening to your business.

Like this resource?

Become a member for access to more resources and benefits.

Learn more

With more and more businesses seeing the benefits of moving online and more business services moving to the ‘cloud', protecting your business from technology-based risks should be high up your priority list.

Research by internet security firm Symantec saw a 91% rise in targeted attacks in 2013, with one third of the criminal activity being targeted specifically at small and medium-sized businesses as criminals know they lack sufficient protection.

Manufacturing companies now top the tables of those businesses particularly at risk. Follow these top tips to make sure you have the measures in place to prevent an attack:

Carry out a risk assessment

The risk your business faces from cyber attacks and data loss depends on how much IT is used in your company and who is using it. For example, if a number of your employees are on your computer network using the internet every day you may be at higher risk than if you just have one company computer that is very rarely used.

Create an IT policy

Data loss and cyber crime can often occur through human error - both malicious and accidental. An IT security policy sets out how you expect employees to use your IT systems and may prevent them from visiting unsuitable websites, or downloading and copying material. Though it isn't an entirely fool-proof way of preventing the worst happening to your business, it can act as a deterrent and could also give you recourse to discipline a member of staff that doesn't comply as it removes the risk of them saying they didn't know.

Create a business security and disaster recovery plan

Business security and data loss should form part of your business's disaster recovery plan. If data disaster did strike your business, you and your staff need to know how you would keep the business running.

Back up your business data

A back-up is a copy of your data, usually kept on a data storage device which is then secured away from the original. These should be taken regularly – even every day in businesses where data is gathered on a daily basis.

Important data that should be backed up and protected includes customer details, employee information and bank details. It is your responsibility under the Data Protection Act 1998 to safeguard this information.

Data back-ups are probably the single most important computer related task you will ever perform in your business – so ensure that you test back-ups on a regular basis to check they're working.

Protect your business from viruses

Viruses present the biggest online threat to your business data. Not only are they designed to cause disruption, but they can target personal data stored on your system (including that of your customers) and cause you to lose important data.

The Symantec study found that cybercriminals are now using a technique called ‘waterholing', where legitimate business websites are is compromised with malicious code, which then infects site visitors.

Stay alert for signs of fraud

Look out for signs of fraudulent activity, such as ‘phishing' scams which try to get you to part with financial details and website traffic being diverted to a bogus site or orders being directed to a different server. These are all ways in which cyber criminals can try to access sensitive information from you and your customers.

Make sure you meet payment security requirements

If you take payments via your website or any other situation where the card holder is not present, you need to make sure you comply with the Payment Card Industry Data Security Standard (PCI DSS).

As well as the above, you should also be aware that online attacks aren't the only threats to your business data. You should also protect it as much as possible from human error and physical threats such as fire and flood.

To reduce the impact of these threats you should keep data back-ups away from the business premises and educate employees about the importance of keeping data safe and secure.

These are just a few of the ways in which you can protect your business. For more comprehensive support get 3 months' free access to an online risk management system with Forum membership. This includes checklists and policy templates to make sure your business is protected and complies with relevant legislation. For more information, or to find out how we can help protect your business with discounted cyber insurance, call us now on 0845 130 1722.