Cyber security essentials for London businesses

Grow London Local: Matching London small businesses to support

Posted: Tue 19th Dec 2023

The number of cyber attacks small businesses are reporting is increasing significantly. A cyber attack can affect your business' ability to operate, and lead to a loss of income and harm to your reputation.

There are practical steps you can take to protect your business from online threats. This will make your business more resilient and less likely to become the victim of a cyber crime.

Learn about some of the most common types of cyber attacks and the steps you can take to protect your business.

Types of cyber attacks

A cyber attack is a malicious and deliberate attempt to access and disrupt your computers and networks and steal data.

Cyber attacks are getting more complicated, so it's important you know how to identify and prevent them. The National Cyber Security Centre publishes regular reports about the latest online threats that businesses face.

Here are some of the most common types of cyber attacks:

Advanced persistent threats

A type of attack where a hacker gains access to your computer or network over a long period of time to collect and steal information. Making sure your software and operating systems are up to date can help prevent this type of attack.

Phishing emails

Emails that try to trick you or your employees into "doing the wrong thing", such as clicking a dodgy link and downloading malware.

There are lots of things you can do to prevent phishing attacks. Email filtering software that automatically flags or blocks suspicious emails is one solution. You should also train your employees to spot and report any suspicious emails.

Password attack

When a hacker steals your passwords so they can access your systems. You should never share your passwords. Setting strong passwords and changing them regularly are also effective ways to prevent password attacks.

Denial of service attack

When a hacker floods your servers with requests to make your services or website inaccessible. This can damage your reputation and cause you to lose money.

Malware attack

A malware attack can cause damage in a number of ways, such as the hacker stealing your data or taking control of your devices. Malware is often downloaded onto your device or network by clicking on suspicious links. Installing up-to-date anti-malware software can help prevent this type of attack.

How to prevent cyber attacks

There are a number of practical and low-cost actions you can take to protect your business from a cyber attack.

  • Regularly back up your data, particularly if it's business-critical. Store your backups securely, such as on a separate drive or in the cloud. You should also limit access to your data to essential members of staff only.

  • Install antivirus software and make sure you keep it up to date. You should keep all your IT equipment and operating systems up to date too.

  • Make sure you take steps to secure other devices such as smartphones and tablets.

  • A strong password policy is important. A strong password should include a combination of letters, numbers and special characters. It shouldn't be easy to guess. Change your passwords regularly and never share them.

  • Train your employees so they know how to spot and report potential cyber attacks.

The National Cyber Security Centre has a five-step guide to help small businesses become more "cyber resilient".

The Cyber Essentials scheme

Cyber Essentials is a government-backed cyber security certification scheme for small businesses. Its goal is to set out the basics of cyber security and help your business through the process of protecting itself against common risks.

The scheme covers all the basic security weaknesses that your business' IT systems and software might have. It works on the basis that straightforward but robust measures can have a big impact when it comes to cyber security risks outside the business.

Getting Cyber Essentials certification can help show your customers and partners that you're serious about cyber security. It can also save you money because it may cost less to insure your business once it's certified.

Requirements for certification

You must meet five requirements for Cyber Essentials certification:

  • Firewalls: Computers and network devices must be protected by a correctly configured firewall (or equivalent network device). This will help protect your network and devices, and make sure that people can access only safe network services from the internet.

  • Secure configuration: Computers and network devices must be properly set up and configured to make them less vulnerable to cyber attacks.

  • User access control: Employees' access to software, settings, online services and devices should be at the lowest level necessary for them to perform their roles. You should only grant additional access to employees who need it.

  • Patch management: You must keep software on all devices up to date to make sure they aren't vulnerable to known security issues for which fixes are available. Remove from your devices any software that's no longer supported or updated.

  • Malware protection: Protect every device against viruses and other malware.

The certification process

You can choose any accredited certification body to manage your Cyber Essentials certification.

There are two levels of Cyber Essentials certification available: Cyber Essentials and Cyber Essentials Plus. The standards your business must meet are the same for both levels, but the assessment methods are different.

Once the certification body is satisfied that your business has met all the requirements, they will approve the certification and send you both the official certificate and some brand guidelines for using the Cyber Essentials certification logo. The certificate lasts for 12 months, after which you must get certified again.

Further resources and support

  • The National Cyber Security Centre (NCSC) provides a range of advice, guidance, training and specialist services to help small and medium-sized firms, self-employed people and sole traders reduce the risks of a cyber attack to their business. It also provides advice and support about what to do if you suffer an attack.

  • Exercise in a Box is an online tool that helps your business find out how resilient it is to cyber attacks. You can also practise your response to a cyber attack in a safe environment.

  • The GCA Cybersecurity Toolkit aims to help small businesses understand how to reduce the risk of online threats.

  • Working in partnership with the Mayor's Office for Policing and Crime, the Cyber Resilience Centre (CRC) for London supports small and medium-sized businesses and third-sector organisations to become less vulnerable to cyber crime.

