Essential Cyber Security Measures and Best Practices

Megan Jane Popescu

It is estimated that over 250,000 websites are created daily. Add this up over days, weeks, months or even years and you have an enormous amount of data circulating on the internet.

Digital expansion has brought with it an increase in cyber-crime, yet the topic can be difficult to discuss. When businesses hear “cyber security”, anxiety often follows. Some try to evade the topic, believing their IT department or website manager handles it all. Generally, an IT department focuses on network maintenance and infrastructure, while a website manager (typically the person who designed your website) takes care of the maintenance side, such as keeping it up to date and online. However, cyber security is a field of its own and isn’t usually covered by IT or website managers.

Small Business Statistics
Government cyber statistics reveal that in 2023, 22% of small and micro businesses had fallen victim to cyber-attacks. Of these attacks, 89% were phishing attacks, where a user receives a malicious email that tricks them into clicking harmful links. The cost of an attack to small and micro businesses averages around £10,000.

Budget Constraints and Cyber Vulnerability
One of the challenges, especially for micro businesses, lies in finances. Micro to small businesses usually lack the budget for comprehensive cybersecurity services, leaving them particularly vulnerable. Incorporating security measures and staff training on a tight budget can typically cost thousands, which poses a significant stumbling block.

Safeguarding Against Phishing
Since phishing is the most common attack, the simplest way to avoid falling victim is to implement robust email security solutions such as SPF, DKIM and DMARC records. These are security measures that prevent an attacker from impersonating someone you know, such as another director or colleague. It’s also important to remain cautious of emails from unknown individuals asking you to click links that request further information, and of emails that request information with an urgent tone.

Password Protection
Another important measure is the use of strong passwords and the use of a password manager to store them securely. Avoid using easily obtainable personal information, such as birth dates, pet names, or a mix of your business name and current year, and ensure your password combines complexity and length. This can sometimes seem impractical if it’s a password that is used often, so try a password phrase instead, using several random words together.

Two-Factor Authentication (2FA)
Two-factor authentication (2FA), though sometimes inconvenient, stands as one of the best free security features available. When signing into an account, 2FA prompts authorisation via a message on a mobile or another device. It’s offered by most online platforms and should be utilised by employees as well.

Integrating Best Security Practices
If you have a website or you’re looking to have one, ensure your website management team is up to date with security best practices. Don’t be afraid to ask questions, and question any additional functionality that is added to your website, as this is where some of the worst vulnerabilities lie. Always ensure data is backed up for disaster recovery, and implement web-application firewalls and antivirus software.

Leveraging NCSC for Cyber Education
Staff training programs significantly enhance awareness. Finding a company that offers security awareness training to staff is indispensable. If there is no budget, then an excellent option is visiting the National Cyber Security Centre (NCSC). They offer various free resources that businesses can utilise for this purpose.

Embracing Cybersecurity for Business Credibility
The importance of cyber security cannot be overstated. Even small measures make a significant difference in protecting against cyber threats. Showing the public and potential clients that you take cyber security and data seriously adds credibility and trust to your business.