Tips to protect your business from cyber threats

SMEs increasingly depend on IT systems and are thus vulnerable to existing cybersecurity risks and newly-emerging cyberattacks, the Institute of Public Accountants said in its recently released Small Business White Paper.

Research has shown that small business is the target of 43% of all cybercrime, with 60% of those that experience a significant cyber breach going out of business within 6 months.

Recognising that SMEs are not immune to a wide range of cyber threats, the IPA has put together several simple recommendations to help small businesses improve their online safety.

SME cybersecurity advice

• Apply the latest updates from software suppliers to repair newly discovered cyber vulnerabilities. This process can and should be automated and should cover operating systems and key applications.

• Use strong passwords and two stage authentications (e.g. users are sent a text code to login with their password.

• Use a cloud-based email service and cloud storage, rather than organisations setting up their own email servers and storage servers.

• Back up important data on a regular basis and check that you can reinstall the data you have backed up. Backups should be stored off-site.

• Install security software (e.g. installing anti-malware software that offers protection against malware).

• Keep anti-virus and anti-malware software up-to-date.

Some advanced cybersecurity steps can be implemented to improve security, such as:

• Develop cybersecurity guidelines, policies and practises that an SME should follow in relation to cybersecurity (e.g. the handing of sensitive information, how to manage incidents, a formal organisational cybersecurity policy)

• Undertake a security risk analysis/ audit to be aware of cybersecurity threats and risks that an SME could face and then take steps to mitigate or remove the threat of high-level risks

• Test that security features actually work (e.g. testing back-up approaches, running simulations of cyberattacks and seeing how an SME would react to a cyberattack)

• Consider security alternatives (e.g. outsourcing certain security functions to a third party or considering cybersecurity insurance to help recover from a cyber incident if one occurred.

Refer to the IPA’s White Paper for more advice on cyber proofing.