Protecting your business against cyber-security threats is as much about robust procedures and processes as it is about new technology.
Many small and medium-sized businesses in the UK benefit from close, long-standing relationships with their customers. An important part of maintaining those relationships is protecting your customers’ data – and your own network – from cyber threats.
Businesses have been facing heightened attacks during the COVID-19 pandemic. To get an insight into how smaller businesses have been protecting themselves, we spoke to one of Vodafone UK’s own small business customers.
OLIO is a growing business that connects neighbours and local businesses so they can share surplus food with each other, rather than throwing it away. As OLIO is an entirely online business, it’s critical that its users trust the company to keep their data safe.
“The security of our systems, and therefore our users, is always at the front of mind,” says Lloyd Watkin, OLIO’s principal engineer.
The consequences of any successful cyber-attack can include the theft of sensitive customer or business data, disruption to your work, loss of customer trust, and consequent damage to your commercial relationships and reputation.
Mr Watkin says OLIO has recently seen an increase in cyber threats, like many other businesses, as criminals look to take advantage of the disruption caused by the coronavirus pandemic.
“During the lockdown we’ve seen an increase in ‘amateur’ attacks, like simple poking of our APIs [application programming interfaces] and systems,” he notes.
Across the UK, there have been increases in certain types of online security threats against businesses:
- Malware: software designed to damage data, or – now more commonly– steal important data.
- Ransomware: software used by criminals to encrypt data and then demand a ransom for its release.
- Phishing: attacks where criminals pose as reputable companies or individuals and send false communications to trick people into revealing personal information or clicking on a malicious link.
Attacks can have damaging impacts, no matter what your business does.
“We’re fairly fortunate at OLIO in that we don’t currently store any particularly sensitive data about our users, nor do we have any payments set-up,” says Mr Watkin.
“Therefore, as a target we are quite small. But that doesn’t mean security isn’t very important.”
The consequences of any successful cyber-attack can range from the theft of sensitive customer or business data, disruption to your work or loss of trust from customers and subsequent damage to your commercial relationships and reputation.
Whatever the consequences, no small business wants to fall victim to an attack in a commercial environment that is already more challenging than usual.
Good security practices
Small and medium-sized businesses can implement good security practices to keep themselves – and their all-important data – safe.
“As standard, we have firewalls turned on and locked down security access lists for our servers,” says Mr Watkin.
Many employees are handling sensitive data remotely at the moment. Implementing a robust password routine, setting up multifactor authentication for accessing cloud services, and making use of Virtual Private Networks (VPN) can help keep systems and information secure.
Protecting mobile devices is also important, especially with more employees working from home. Mobile security software, such as Lookout, can secure devices against phishing and other threats.
IT teams can use Mobile Device Management (MDM) software to help prevent a data breach or leak in the event a smartphone is lost or stolen. Using MDM, IT teams can remotely lock or wipe a lost or stolen phone as soon as it comes online.
Cyber-criminals’ tactics continually evolve, but there are ways IT teams at smaller businesses can keep ahead of the latest threats.
OLIO’s servers are automatically patched for security issues, to ensure the system remains updated. The company also receives notices about the latest software vulnerabilities and proactively monitors its systems.
We lean heavily on automated tools and checks
(Floyd Watkin, OLIO)
“We’ve signed up to standard Common Vulnerabilities and Exposures (CVEs) alerts,” says Mr Watkin. “We also run AWS [Amazon Web Services] tools that keep an eye on our traffic and highlight anything out of the ordinary.”
It’s even more important to keep up-to-date as the nature of one’s business changes. Many smaller businesses have focused on their digital and online sales channels because of the lockdown – and that can introduce new security challenges.
For example, with OLIO’s digital platform, Watkin and the team take particular care whenever they roll out new software or infrastructure.
“We lean heavily on automated tools and checks to ensure that we aren’t introducing any software that could put our customer data at risk, as well as code reviews that include an aspect of security checking,” says Mr Watkin.
By identifying any vulnerabilities unique to their set-up, smaller businesses can anticipate and neutralise threats before they arise.
OLIO has a robust security programme in place. But as a fast-growing business, the only way it – and other SMBs – can stay secure is to stay vigilant.