16 December 2013 (updated 07 Sep 2021 12:16pm)

10 ways to avoid a cyber attack

There are steps you can take.

By Economia

Today’s business environment relies on digital technology to function. This brings great opportunity as well as risk. Business is undertaken more effectively and efficiently, but information flows can be intercepted and compromised. Whilst online crime has often been viewed as an issue facing larger businesses, smaller organisations are increasingly coming into focus as the next soft target (with their intellectual property and customer and payment databases).

According to the latest 2013 Information Security Breaches survey, 87 per cent of small businesses have reported a security breach this year (up from 76 per cent a year ago). The average cost to a small business of its worst security breach of the year is estimated to be between £35,000 and £65,000.

However, by following a number of basic steps, organisations can significantly improve their online security and help safeguard their most important assets and trading relationships. Implementing a full Information Security Management System is best – but “doing the basics” is a good place to start and can improve your chances of avoiding a compromise by up to 80 per cent.

These 10 steps mirror and build on the “10 Steps to cyber security” issued by BIS (Department for Business, Innovation & Skills) aimed at larger organisations and available here.

The recommended 10 steps are as outlined below:

1. Allocate responsibilities and identify your key information assets

As with any business activity, in computer security it’s crucial to identify what must be done and who will do it. Overall responsibility should rest with a senior manager who has a broad view of all the risks and how to tackle them.

Management should identify the information and technology that’s really vital to the business, where the big risks lie – and then take steps to safeguard that.

2. Protect your computers and your network

Malicious activity could come from outside or inside your business.

Attacks from outside, for example by trouble-making hackers or competitors, can be largely repelled by installing a firewall. A firewall can also be used to manage your staff’s internet activity, for instance by blocking access to chat sites where employees might encounter security risks.

3. Keep your computers up to date

It’s essential to keep all your computers up to date with the latest patches. Normally, they can be downloaded and installed automatically.

Remember that just one vulnerable computer puts all the others at risk. It’s important to ensure that all available patches are applied to all of them.

4. Control employee access to computers and documents

Although your computers should be guarded by a firewall, you should still protect user accounts and sensitive documents with passwords.

Passwords should be difficult to guess but memorable, and never written down. Ideally, ensure that passwords include a combination of upper- and lower-case letters, numbers and symbols and require employees to change passwords regularly.

5. Protect against viruses

Malicious software (or “malware”) may not always be as devastating as the headlines suggest, but it can still slow down your systems dramatically, and passing it on to customers will win you no friends.

Fortunately, there is plenty of protection available. Your computers may have been sold with anti-virus software (the generic term, although most products also protect against other kinds of malware). If not, you can easily buy it.

6. Extend security beyond the office

Today’s employees often work from home or on the road and use their own laptops, mobile phones, tablets and so on.

It is difficult to extend to these situations and devices the same level of security that you can apply to office computers. However, you can reduce risk by requiring that any personal equipment used for work is approved. At a minimum, it should have anti-virus software and password protection.

7. Don’t forget disks and drives

Removable disks and drives such as DVDs and USB sticks pose security risks in two ways. They can introduce malware into your computers, and they can be mislaid when containing sensitive information.

Ensure that as far as possible, only disks and drives owned by your business are used with your computers. Discourage employees from using them in third parties’ computers (e.g. in Internet cafes), and set up anti-malware software to scan them whenever they are used in the office.

8. Plan for the worst

No system is 100 per cent secure, so it’s worth planning what you’d do if things went badly wrong.

Establish how you will know that there’s a problem. You shouldn’t have to wait for computers to go down; your firewall or anti-virus software, for example, may provide advance warning that something unusual is going on. Your plan can be laid out in a document, and delivered in training sessions.

9. Educate your team

Tell everyone in the business why security matters, and how they can help, using training sessions and written policy documents. This will encourage them to follow practices such as regular password changes.

There are non-technical risks, too. One is ‘social engineering’, where hackers try to trick employees into revealing technical details that make your computers vulnerable.

10. Keep records – and test your security

Security is an ongoing process, not a one-off fix. So it’s important to keep clear records.

Good record-keeping will also help you regularly test all your security measures and ensure that you have functioning, up-to-date software. Any business is only as secure as its weakest link, and testing will make sure that no weaknesses are overlooked.

This piece first appeared on economia.