Since the start of the coronavirus (COVID-19) pandemic, UK businesses have been adjusting to new ways of working and are more reliant on the digital world. The Centre for Economic Performance found that more than 60% of firms reported having adopted new technologies or management practices over the past 2 years.
Cyber criminals continue to take advantage of these new ways of working to disrupt everyday business and steal sensitive information. It is more important than ever to understand how your business might be vulnerable to cyber crime.
What is cyber security?
Cyber security is a key component of business operations. At its core is the ability to protect key devices, systems and data - both at home and work - from theft, damage and loss. This means protecting business equipment, including:
- computer systems and networks
- operational technology
- mobile phones
- smart devices
There is a real risk of a cyber breach for UK businesses. The government's latest Cyber Security Breaches Survey suggests nearly 40% of UK businesses suffered a cyber breach of some kind in the previous 12 months, and a quarter said they suffered a cyber breach at least once a week. On average, identified breaches cost businesses an estimated £8,460.
The impact of these attacks cannot be overstated. They can affect an organisation's operations, finances and reputation. It is vital that businesses back up important data and know how to deal with evolving cyber threats.
How to protect yourself and your business
You do not have to be an IT expert to protect yourself online. There are a few steps all businesses can take to instantly improve the cyber hygiene of their organisation. The Cyber Aware campaign recommends 2 key actions that small businesses should follow.
Create a strong, unique password
Cyber attackers often target email, so users should create a strong, unique password for each account. The National Cyber Security Centre (NCSC) recommends using 3 random words to create a strong password, for example DogPurpleHouse. Users can include numbers and symbols where required (D0gPurpleHouse!). Passwords can be saved directly in web browsers or password managers so users do not have to remember multiple passwords for different accounts.
Use two-step verification
Users should turn on two-step verification to add an extra layer of protection. Two-step verification requires a one-time passcode or facial recognition to verify the user, in addition to the password. Advice on how to turn this feature on can be found on the NCSC website.
Businesses can keep their systems and devices up to date by accepting updates. This is known as patching. It helps to stop cyber criminals accessing systems by taking advantage of vulnerabilities in outdated software. Updates fix these vulnerabilities, so accepting updates from software vendors is strongly recommended.
The importance of staff training
Staff are not only key to keeping your business running. They play a crucial role in keeping it secure.
As well as adopting cyber aware behaviours, the NCSC encourages businesses to use our e-learning package Top Tips for Staff, which is designed to help improve the cyber awareness of employees. The training, which can be completed on the NCSC website or built into your own platform, covers 4 topics:
- Defending yourself against phishing
- Creating strong passwords
- Securing your devices
- Reporting incidents
How to find out more
The NCSC is committed to helping improve national cyber resilience and works closely with sectors across the UK economy and society, including those in facilities management. They have also published a range of free products and guidance to support businesses on their website.
The advice shared in this blog complements that in our Small Business Guide. Premises and building managers might find our new guidance for construction businesses and those in the supply chain helpful.
If you would like to receive information on the latest trends in cyber, weekly threat reports, or the NCSC's small organisations newsletter, sign up to the NCSC's subscription centre.
We also recommend organisations use our Exercise in a Box tool, which helps organisations find out how resilient they are to cyber attacks and practise their response in a safe environment.
All these resources can be accessed by visiting www.ncsc.gov.uk.