3 Key Steps to Cyber Security
Simple steps small businesses can take to protect from cyber and data threats
ProfilePI, is a leading UK provider of cyber insurance to small businesses. Our clients are increasingly asking us what steps they can take to protect their business from a cyber or data breach, what are the consequences of a breach and what support can they expect should the worst happen.
Step 1: Awareness & Education
Educating directors and staff is a good first step. 54% of data breaches occur from within an organisation, not a third party ‘hacking in’ and stealing data. Cyber thieves will often attempt to use social engineering or disguising themselves as a legitimate business contact. Imagine your accounts team taking a call or receiving an email from someone imitating a well known supplier, to provide new account details for payment of an invoice. Do you have checks in place within your accounts team before updating details?
There are a number of simple online training portals that businesses can roll out to staff that will train them to recognise cyber and data threats. They can also learn how to recognise fake emails and the likely requests they make. We recommend CyberAMI and Usecure as two options to consider when taking preventative measures.
Step 2: Defence
New data laws come into effect across the UK in 2018. Any business that suffers a data breach that cannot demonstrate they have taken simple and basic measures to prevent such a breach can expect severe penalties and fines.
Password protect documents that may contain sensitive information. Restrict and lock-down staff access to folders or drives to only those who need it. If you do not have a staff policy on data then create one and ensure all staff are made aware. Cyber AMI portal can help you create this.
Control what devices enter your network. A staff member simply charging their phone on a USB drive could have unintended consequences for your systems. Be careful when using remote WIFI networks, not all are secure so consider what data you access when on an unsecured network.
There are many other simple steps you can take to control data access across your business and Cyber Security consultants or your local IT provider will be able to offer additional advice and support.
Step 3: Insurance & Response
A well-known Cyber expert once said “Some businesses have been breached and know about it, and the rest just don’t know about it”. There is a growing consensus that a data breach for many businesses in the coming years is something of inevitability.
We don’t quite share that view, but we do believe that the chances of businesses suffering a breach are high. As such, Cyber Insurance should be part of any data protection plans for all businesses, large or small. Should the worst happen, you have a safety net.
It can pay the costs in notifying regulators (legal requirement under new laws) as well and informing your clients impacted by the breach. It may respond to any fines or penalties you may need to pay. If clients feel they have suffered financial loss as a result of the breach and consider you have been negligent, insurance can respond to defend or pay these claims.
Business suffering a data breach can expect a big hit to their reputation. 40% of customers said they would consider switching providers of businesses who lost their data. Insurance can provide access to emergency PR and Marketing costs to help repair reputational damage.
Breach response services are additional protection to insurance offered by ProfilePI. This will provide access to an ‘emergency service’ once a data breach or cyber attack has been discovered. It can provide credit-monitoring services for your clients to inform them if their data has been used (e.g. credit card application). They can write to your clients to inform them of the breach and the measures. It will also provide tech experts to trace the source of the breach and provide advice to prevent it happening again.
< Back to News