
Keeping your business safe from cyber-attacks can seem a daunting task, especially if you have a small team.
All firms that have any digital element to their business - even just sending emails or using Google Docs, for example - are at risk.
But Simon Schofield, Head of Security at Atradius, has a clear message to businesses to improve their cyber security: keep it simple.
He says that firms, particularly small ones that lack IT resources, can achieve a lot by doubling down on some basic measures that don’t require deep IT expertise.
As a starting point, Simon suggests all organisations ensure they are at least taking the following five steps:
Educate your team
Your team needs to be able to recognise and respond to cyber threats effectively.
For example, they need to be able to identify phishing attacks, the most common type of cyber-attack. In this type of crime, attackers send scam emails or text messages that contain links to malicious websites or may be designed to trick users into revealing sensitive information or transferring money. Phishing emails can hit an organisation of any size and type. Criminals’ use of generative AI tools is making these emails more convincing than ever.
Simon suggests all businesses “put procedures in place for how to handle demands for money or details and sensitive information.”
Ensure all employees use strong passwords and multi-factor authentication
Make sure all employees have clear and understandable information on setting passwords.
The UK's National Cyber Security Centre (NCSC) has some useful advice on how to choose a non-predictable password. And Simon has an additional tip for businesses to help them encourage employees to use strong passwords. He says: “If you're using simple passwords, then they're simple to guess. Ask your employees to consider: ‘would I be happy with that password on my own bank account?’”
However, even strong passwords can be stolen, for example through a data breach. So, you also need to ensure all staff use multi-factor authentication. This is when you need a second verification method - such as a PIN or fingerprint - to prove who you are.
Update software and systems
Software must be kept up to date. Updates often contain crucial security patches and new security features.
Simon says that in security tests to find and exploit vulnerabilities in computer systems, “99% of the issues will be out-of-date software or someone's configured something incorrectly.”
Back up data regularly
All businesses should take regular backups of their important data.
“Identify the data you really care about and what the business relies on to operate and make sure you have a safe copy of it”, says Simon.
This way, Simon explains, you can avoid your business being damaged by ransomware attacks, in which an attacker holds a victim's data hostage until the victim pays a ransom. “If you have a good clean backup, then you wouldn’t necessarily need to pay that ransom,” says Simon.
Have a plan
All businesses should have a plan in place, outlining how they would react if they were to fall victim to a cyber-attack.
As Simon explains: “Businesses should say, ‘if we have an attack, what are we going to do? What's our instant response plan? Who's going to do it? How are we going to communicate with our partners, our customers, to maintain that trust?’”
Keep it simple
By taking these simple steps, you can significantly reduce the risks facing your business, all without paying for expert help. “You don’t even need security professionals to do those simple things, which can take away 80% of the risks,” says Simon.
The key to the five steps above is that they shouldn’t impede or slow down your business, as Simon explains: “Companies have to take risks to survive and prosper. IT security is like brakes on a car: they’re not there to stop you but help you to slow down when you need to brake.”
Simon adds: “You could always do more, but there is a balance before it starts stopping or impeding the business.”