Five tips for better cyber security for SMEs

Cyber security of most small business is woefully inadequate, says Institution of Engineering and Technology cyber security lead Hugh Boyes. He offers five simple actions to improve yours.

The Government has launched a new Do More Online campaign aiming to help small businesses to increase their digital skills.

And while it is great that the Government is encouraging small businesses to do more online, the cyber security of most small business is woefully inadequate as they do not have the time, experience or resources to develop the knowledge and skills to protect their presence online.

A recent Trustwave report on Application Security (i.e. online applications) revealed that 96 per cent had major security defects. For SMEs to safely and securely operate online they will need support and assistance to ensure that their web presence is secure.

They are very unlikely to achieve this with the budget web offerings currently available from most ISPs. We recognise that the Government has launched the Cyber Essentials scheme, but this focuses on the personal IT equipment used by SMEs and small traders. It does not address the security of ISP-hosted or cloud websites, where website configuration and security are increasingly complex and either poorly addressed or not addressed at all in the budget packages typically used by SMEs.

So here are my top five tips for better cyber security for small businesses.

1. Do not use an account with administrative privileges for normal day-to-day activities and web browsing - accounts with lower privileges warn you if a programme tries to install software or modify computer settings thus allowing you to decide whether the proposed action is safe.

2. Ensure that your operating system and application software is up-to-date - many of the patches issued are to patch security vulnerabilities, the quicker these are patched the lower the risk that your computer can be compromised through known vulnerabilities where fixes are available. This should include up-to-date anti-malware software.

3. Take care when downloading and installing software. If it is free or is not from a well-recognised and trustworthy brand there is a risk that the software may include features that spy on you (the user), enable unsolicited advertising or install harmful software on your computer

4. Treat with caution unsolicited emails containing attachments or hyperlinks (particularly shortened links), many phishing attacks attempt to trick you into opening a file loaded with malware or to visit a site which runs malicious scripts on your computer

5. Apply common sense (due diligence). If an email offer looks too good to be true, the prices on a website are abnormally low or you receive an unsolicited telephone call offering computer support, then it is likely that you are the target for a scam.