5 Cybersecurity Tips for Small Businesses in the UK
While the global threat situation is going wild, hackers develop new AI skills, and cybercrime losses are rising by the billions every year, legislators in the USA, the EU and many other regions of the world are tightening the thumbscrews. Caught in between are small and medium-sized companies that don't know how to approach IT security strategically at all, or what the actual benefits are. Carolin Desirée Toepfer, “The entrepreneurial Chief Information Security Officer” and founder of risk training EdTech Cyttraction, exclusively shares her top 5 tips for UK business owners:
Step 1. Get started!
Overthinking doesn't get you anywhere. Many business owners let their cybercrime and budget fears keep them away from hands-on measures. You cannot fight hacker attacks with meeting notes, to-do lists or policies. Take action!
No strategy is perfect from day one, but a solid foundation is a good start for further business decisions. I like to compare building a cybersecurity strategy with building a house: in my experience some of my clients end up with a cyber tiny house, while others are part of important supply chains and are forced to end up with a multi-family house. Global corporate cybersecurity strategies have the same complexity as a skyscraper. But they all start with the foundation level.
Especially for UK businesses: don't think about EU dependencies for too long. Go global!
The international standard ISO 27001 for information security management systems provides a good benchmark for cybersecurity measures that stay manageable and reportable in the long term. It might take some time to match all controls, but if you start tomorrow you are at least on your way!
Step 2. Communicate the "Why Cybersecurity"!
Cybersecurity is complex and complicated, and at times the threat situation might change every day.
Don't take your own fears to your colleagues and make everybody afraid of hackers. Instead, think of communicating the "Why Cybersecurity?" for your company with information about identity protection and data integrity while keeping home office and personal needs in mind.
Those areas of cybersecurity are much easier to digest and instantly lead to participation, feedback and long-term motivation for your joint project.
I would also recommend offering a lot of regular voluntary training on cybersecurity, fraud prevention, working with AI and anti-money laundering. Not just the mandatory training once a year, but an open ear from management and/or a dedicated contact person in between.
Step 3. Prioritise Quick Fixes!
With the start of your communication strategy, you implemented the important low-cost Step 1 on the way to at least medium-level cybersecurity. Congratulations!
Step 2 consists of getting an overview of the most important devices, software and accounts that you and your colleagues use every day. Ensure not only that passwords are updated but also that 2-factor or multi-factor authentication is switched on everywhere.
If you already have an overall device and account management system implemented, this is more an admin task. Otherwise, ask your colleagues to take a moment and set it up manually.
Most companies need a bit longer for a full overview of the whole IT infrastructure as well as individual software and platforms employees use with their corporate credentials.
Good news: this will also help you to get rid of so-called shadow IT and cut costs by switching off what's not used anymore.
But don't wait to write down all contact details of internal IT experts and external service providers needed in a worst-case scenario!
Step 4. Free Resources.
Don't underestimate free government resources on cybersecurity!
Institutions like the UK National Cyber Security Centre (https://www.ncsc.gov.uk) provide a lot of free tools and information.
Following other entrepreneurs with similar challenges and cybersecurity experts on LinkedIn is great to get deeper into the topic.
Media articles to share with your team are also free. The best are the ones that don't use clickbait headlines but explain step by step what happened during the attack, so we can learn from them.
There might also be a lot of events in your city or region with a number of knowledgeable experts (both independent speakers and sponsors) who can share their insights. Remember you can approach them with your own questions for a quick “consultation” about the topics they have raised that relate to your business.
Step 5. Follow YOUR Cybersecurity Strategy!
A good cybersecurity strategy matches your business model, future requirements, growth plans and budget.
Let's be honest: it will cost time and money. But when you follow a strategy that works perfectly with your business model, this will help you to find the right support, people and tools while avoiding over-spending.
My experience suggests starting with building up your own cybersecurity posture and later using it to lead by example. Providers of software and infrastructure, data processing services or digital products in particular have the opportunity to offer specific premium packages, e.g. for clients from critical infrastructure industries.
Carolin Desirée Toepfer is an accomplished Chief Information Security Officer and Entrepreneur.
She is the founder of Risk Training and Knowledge Management EdTech Cyttraction.
If you have any questions based on the points raised here, feel free to contact Carolin on LinkedIn.