Evidence is emerging that cyber criminals are seeking to exploit COVID-19. According to the National Cyber Security Centre, attacks have been on the rise and are likely to get worse as the pandemic continues.
SMEs are particularly vulnerable as they seek new ways of working during lockdown and navigate unfamiliar channels of support.
That’s why we’ve rounded up the latest SME-specific cyber security advice. We asked experts like the Metropolitan Police Service and the National Cyber Security Centre for the simplest, quickest and most cost-effective steps you can take to protect yourselves online.
Got 2 minutes? Check out our 5 things you can do right now
Got 20 minutes? Check out our resource roundup further down this page
5 things you can do (right now) to protect your business online
(1) Update your software
Make sure software on your computers and smartphones is kept up to date, particularly your operating systems. Hackers are always finding new vulnerabilities and those updates from developers or providers usually contain important security patches. They’re keeping you one step ahead of the hackers, but it only works if you do the updates sharpish.
(2) Make your passwords stronger
We all pretty much know the rules for making a strong password. The longer the better, so include symbols and numbers while avoiding family names, birthdays and pets. The Metropolitan Police are now recommending that we put together three random words, like “carnewspaperpigeon”, and add a few capital letters, like “carnEwspapErpigEon”. They’ve made a helpful advice video with more tips for hard-to-hack passwords.
(3) Turn on 2-factor authentication
For any accounts which contain important personal or financial information, use 2-factor authentication (2FA). It combines your password (something you know) with a second factor, like your mobile phone (something you have). Most big websites offer 2FA but you have to turn it on yourself – usually in security or settings.
(4) Avoid using free public WiFi
Don’t use free public WiFi for anything you wouldn’t want everyone to have access to. Most hotspots are not secure. A safer option is to download a Virtual Private Network (VPN) from a reputable provider onto your phones or computers. Data sent over these networks is always encrypted – cyber-snoopers can get it, but they can’t read it. You can also tether computers to your mobile and use 3G/4G to get online.
(5) Know how to spot phishing
The tell-tale signs of phishing (scam) emails are getting harder to spot, but they almost always request personal information or payment, or contain links to bad websites. They often ask you to act urgently or appear to come from a senior person in a business. Experts say the best defence is to check the sender’s real address, not the visible one. You can Google how to do this for your specific email platform.
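For whoever looks after your IT, here is the "real address, not the visible one" check written as a short Python script. It is an added example, not something from the Metropolitan Police or the National Cyber Security Centre; the staff directory, the example.com and example.net addresses and the sample emails are all made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical staff directory: visible name -> real address (assumption).
STAFF = {"jane smith": "jane@example.com"}

# Constructed sample messages, not real mail.
SPOOFED_NAME = (
    'From: "Jane Smith" <jane.smith.office@example.net>\n'
    "Subject: Urgent payment needed today\n\nPlease pay this invoice now.\n"
)
SPOOFED_ADDRESS = (
    'From: "jane@example.com" <accounts@example.net>\n'
    "Subject: Invoice\n\nSee attached.\n"
)
GENUINE = (
    'From: "Jane Smith" <jane@example.com>\n'
    "Subject: Team meeting notes\n\nNotes attached.\n"
)

ADDRESS_IN_TEXT = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def sender_warnings(raw_message, staff=STAFF):
    """Compare the visible sender name with the real sending address."""
    msg = message_from_string(raw_message)
    visible, real = parseaddr(msg.get("From", ""))
    visible, real = visible.strip().lower(), real.lower()
    warnings = []

    if not real:
        return ["no-readable-sender-address"]

    # The visible name is itself an address, but not the one that sent the mail.
    shown = ADDRESS_IN_TEXT.search(visible)
    if shown and shown.group(0) != real:
        warnings.append("visible-address-differs-from-real-address")

    # The visible name is a colleague, but the real address is not theirs.
    if visible in staff and staff[visible] != real:
        warnings.append("known-name-from-unknown-address")

    return warnings


if __name__ == "__main__":
    for sample in (SPOOFED_NAME, SPOOFED_ADDRESS, GENUINE):
        print(sender_warnings(sample))
```

An empty list means the visible name and the real address agree; it does not prove the email is safe.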
If you’re keen to really stamp out your exposure to cyber crime, take a look at the resources in this section. To save you much of the legwork, we’ve scoured the internet for what’s available, what’s useful and what’s reliable. (If you’re already feeling pretty confident about your cyber security, please share your own tips with us and your network via LinkedIn.)
Want to get staff up to speed with cybersecurity?
The Metropolitan Police have produced a wealth of cyber security resources just for SMEs. This includes some great how-to videos and an explainer booklet you can download for more detail. There’s also a short and snappy leaflet which would be a good one to share with any remote working employees you’ve got.
Want to report a cyber attack to the police?
Action Fraud is where you can report fraud and cyber crime to the police quickly, easily and from any device. You’ll get a crime number and lots of other information on financially-motivated internet crime. If you happen to know the suspect, or they’re still in the area, you can also report fraud to the police by calling 101.
Want to test your response to a cyber attack?
The National Cyber Security Centre has an online tool which helps you find out how resilient you are to cyber attack and practise your response in a safe environment. “Exercise in a Box” includes everything you need to go through in your own time. And you don’t need to be much of a tech expert.
Want to follow a process for reducing your cybersecurity risk?
The Global Cyber Alliance has assembled a set of free and non-technical tools to help SMEs improve cyber security. There’s a clear six-step process to follow, starting with helping you assess your security readiness and response.
Want to reassure customers your IT is secure?
Cyber Essentials is a government-backed scheme to help you to protect your business against the most common cyber attacks and get certification to prove you’ve put IT protection in place.
Want to check if an email address has been leaked?
A tongue-in-cheek but quite useful tool for checking if your email address has been compromised is available online. It shows any breached accounts or websites.
Want to protect against ransomware infection?
No More Ransom is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky and McAfee. It provides resources to help victims of ransomware get their encrypted data back without having to pay up.
Want to feel reassured that you can improve?
An interesting 30-minute podcast, featuring Snaffling Pig co-founder Nick Coleman, has been published by the BT “In good company” podcast. After falling for a hacker’s email last year and losing £9,500, he talks about choosing cyber security steps that aren’t too onerous. He also says you shouldn’t feel ashamed if you don’t really understand cyber security.