The modern workplace is completely dependent on IT. This makes us better connected and more efficient – but it creates vulnerabilities too.
That’s where cybersecurity comes in. Every business needs cybersecurity in place, but it can get pretty technical. Sometimes it’s hard to cut through all the tech speak and get a straight answer. We’re here to provide that. In no particular order, we’re answering some common questions on business cybersecurity.
Do small businesses need cybersecurity?
Yes, absolutely. If you use IT in any way, you need cybersecurity. Small businesses tend to be just as dependant on IT as any other. Devices, software and networks are all potential vulnerabilities. And in fact, some criminals specifically target small businesses because they’re seen as easy, less high-profile targets.
If attackers get into your systems, just think of what they could get their hands on. Bank details, customer records, staff records, intellectual property … Small businesses are less likely to be able to bear the costs of this. They’re also less likely to have in-house IT staff who can handle it for them.
What is malware?
In short: “malware” = “malicious” + “software”. Malware is a broad term for any software designed with harmful intent.
What types of malware are there?
Here are some of the most common forms of malware:
- Adware: Adware attacks will result in high volumes of pop-up ads. These are more irritating than they are harmful, but adware attacks can slow devices down.
- Trojan horse: A trojan horse is any malware that conceals its intent by disguising itself as a safe programme.
- Spyware: Spyware is a form of malware designed to monitor your activity and steal confidential information, such as bank details.
- Ransomware: Ransomware will make a threat, and demand payment not to carry it out. It may simply lock your systems until you pay, or threaten to publish sensitive information unless you pay. The WannaCry attack on the NHS was a prominent recent example.
How do I protect my business from malware?
There’s no one-size-fits-all answer, as every business is different. Different sectors, risks and levels of complexity demand different approaches. However, there are some basics that are pretty much universal.
You need robust anti-virus software across your devices. A good firewall is also essential, to protect your network. Beyond that, regular software updates are a must, as developers will create new patches in response to the latest threats.
These are the basics, but we’d always recommend an expert overview of your business. The types and degrees of protection you need will vary according to all sorts of factors, including your sector and size.
What does a firewall do?
At the most basic level, a firewall acts as protection for your network, managing traffic and blocking anything malicious. This is incredibly important, because your network connects so many parts of your business.
What is multi-factor authentication?
Authentication refers to the process of gaining access to a system – like putting a password in your laptop. Multi-factor authentication means putting in more than one step to gain access. It could be, for instance, a password, followed by a security question.
It’s like having to use two keys to unlock a door. Essentially, it reduces the risk of a breach. If someone steals one key, they still can’t get in without the other.
We’ve helped countless businesses improve their cybersecurity by implementing multi-factor authentication. We’d always review your existing procedures first though, because you want to achieve a balance between convenience and security.
What is phishing?
Phishing attacks use deception to trick you into doing something, like disclosing sensitive information or transferring funds. This could be via text or phone, but email is the most common. A typical example would be an email purporting to be from a bank, asking for a transfer of funds or your bank details.
While that might sound a little crude, phishing attacks have become much more sophisticated in recent years. And all it takes is for one person to be fooled once.
How do I prevent phishing attacks?
A good anti-spam filter should prevent most untrustworthy emails from getting through. But perhaps even more important is staff awareness. We’d strongly recommend training your team (including directors!) in how to spot the threats.
Multi-factor authentication is also a weapon against phishing – even if someone does give away a password, there is still an extra layer of defence in place.
What is Cyber Essentials Plus?
Cyber Essentials is a government-backed cybersecurity awareness accreditation scheme. With the basic version, you qualify by self-assessment. To get Cyber Essentials Plus, you’re assessed independently. It essentially acts as proof that your business follows best practice when it comes to security and data management. Naturally, we at BDR have this accreditation!
Do I need Cyber Essentials Plus?
It’s certainly reassuring for your customers. Especially if you handle a lot of sensitive information, it really benefits your business to be able to prove that you’re keeping it safe. At BDR, we’ve helped countless organisations achieve Cyber Essentials Plus accreditation through training and support.
Is AI used in cybersecurity?
Yes! The growth of artificial intelligence (AI) is having an impact on all kinds of tech. Cybersecurity is no exception.
For instance, we offer the Sophos product range, which includes endpoint protection for devices and firewalls for networks. These use deep learning to study, predict, analyse and block threats – they’ll often spot a problem, eliminate it and draft a report before you even know anything is wrong! These offer an exceptional degree of protection thanks to the use of AI.
What BDR can do for your business
As business technology specialists, we take our customers’ security extremely seriously. We help to make businesses more productive and efficient through technology – but first, you have to be safe from threats.
Our cybersecurity experts have a wealth of knowledge when it comes to common threats, and how to prevent them. With this, we’re able to tailor our suggestions to you. Do you have any cybersecurity questions we haven’t answered here? Get in touch on 0800 975 3000.