Don’t be fooled into thinking that small business means small risk. All too often, it’s the opposite – even small threats can have a fatally large impact on an SME. That’s why cybersecurity is something that shouldn’t be ignored.
Small businesses are attractive to hackers
Hacking small creative businesses might not sound lucrative, but most have no dedicated IT personnel and few security systems, which can make them a tasty morsel for criminals. Although roughly two-thirds of UK SMEs fell victim to a cyberattack last year, costing an average £21,000 each to fix, only 20% of firms surveyed by the Government have staff recently trained to deal with a data breach. It’s clear that there’s a gap between the size of the risk and how prepared small businesses are to deal with it.
Creative businesses are among those most likely to suffer the biggest losses from a cyberattack, thanks to plenty of remote working, freelance staff and the movement of large amounts of sensitive, valuable data between devices and the Cloud. An attack can be just an email – or a click – away. Cyberattacks are ever-evolving, so it pays to be aware of the latest threats – here are three of the biggest:
1. Ransomware
Ransomware is a form of malware that encrypts data and then extorts a payment from the victim to regain access. These attacks are on the decline generally, but those that arrive via email are still common. How to prevent ransomware attacks:
- Ensure your staff (including freelancers and temps) know what malicious emails look like, and the latest scam tactics
- Install and maintain good malware protection software across your network
- Keep your applications up to date – and train staff not to ignore software updates
- Keep regular data backups, so you can recover quickly in the event of an attack, without giving in to the ransom demands. Make sure you test your backup systems.
2. Phishing
Phishing is an attempt to gain access to sensitive data by posing as someone you’d trust, such as an online service or a bank. Phishing messages are often highly targeted to the individual end user and can look completely convincing, with genuine logos and accurate wording. Whaling is where a fake email from a senior member of staff puts pressure on the accounts team to make an urgent payment – a growing issue for small businesses. What you can do to prevent phishing:
- Train all staff to recognize that banks and businesses will never ask for sensitive information over phone or email
- Coach your teams to eye unexpected emails with suspicion
- Ensure your anti-malware software is always running the latest version – and seek advice from an IT provider like us
- Switch on your spam filters – and regularly check that they’re doing a good job.
3. Insiders
Unfortunately, your staff (full time or otherwise) represent one of the biggest risks to any organisation, whether they act maliciously or by mistake. From documents left on a train, stolen laptops and clumsy use of storage drives to knowingly leaking information, staff behaviour can have huge consequences. Here’s how to mitigate the risk:
- Educate every member of your team at induction about minimising mistakes and good data practices – and top up that training regularly
- Limit how much data each team member has access to. Follow the principle of ‘least privilege access’ across all your IT systems, providing staff only with the minimum access they need to do their jobs
- Have a strong policy on ‘bring your own devices’ and using USB memory drives, portable storage, and travelling with company devices
- Restrict access to Cloud services by role – and consider using remote monitoring on network devices to keep track of data.
Depending on your supply chain, you may already be meeting or exceeding these standards. But all creative small businesses need to remain on their guard. A breach at any level can have wide-reaching consequences, particularly if you are working with bigger-name clients, content providers or broadcasters. We’d love to help. We’re London’s trusted IT provider for creative small businesses, working with clients in film, TV and beyond to stay compliant and secure. Contact us today for an informal chat about your requirements.