Top tips for keeping your business safe online

By Kevin Brown, Managing Director, BT Security; Sarah Lyons, Deputy Director, National Cyber Security Centre

While large organisations often have entire teams dedicated to security, many smaller businesses with limited bandwidth and resources struggle to understand the steps they need to take to protect their organisation. In fact, in a recent survey 65% of small businesses said they had sought external information or guidance on security in the last 12 months[1], with many organisations remaining unclear on the appropriate methods to safeguard their business.

In response, BT have partnered with the National Cyber Security Centre (NCSC) to provide businesses with top tips for staying secure online. The NCSC is the nation’s technical authority on cyber security and provides products and guidance for SMEs, larger organisations, government agencies and the public.

Tip 1 – Backing up Your Data

All businesses, regardless of size, should take regular backups of their important data, and make sure that these backups are recent and can be restored. By doing this, you are ensuring your business can still function following the impact of flood, fire, physical damage, or theft. Furthermore, if you have backups of your data, you can quickly respond and recover in the event of a cyber breach.

Your first step is to identify your essential data. This is the information that your business could not function without. Normally, this will comprise documents, photos, emails, contacts, and calendars, most of which are kept in just a few common folders on your computer, phone, tablet, or network.

Once you have identified your most important data, keep your backups separate from your main computers. Whether it's on a USB stick, on a separate drive or a separate computer, access to data backups should be restricted so that they are not accessible by unauthorised staff members and are not permanently connected to the device holding the original copy. You can also back up your data with cloud storage, which means your data is physically separated from your computers and can be accessed from any device, simply by logging into your cloud environment.
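The two checks the tip asks for, that a backup is recent and that it can actually be restored, are easy to automate. The script below is an added example written for this article, not BT's or the NCSC's own tooling. It assumes your essential data sits in one folder and that the backup destination is a path you supply on a separate drive, a removable disk or a synced cloud folder; the sample files it creates are constructed for the demonstration.

```python
"""Back up a folder to a separate location and prove the backup restores."""
import hashlib
import os
import tarfile
import tempfile
import time
from pathlib import Path


def file_sha256(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest(root: Path) -> dict:
    """Map relative path -> SHA-256 for every regular file under root."""
    return {
        p.relative_to(root).as_posix(): file_sha256(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def create_backup(source: Path, backup_dir: Path) -> Path:
    """Write a timestamped .tar.gz of `source` into `backup_dir` and return its path.

    `backup_dir` is assumed (by this example) to be on a separate drive, a
    removable disk or a synced cloud folder, not the machine holding the original.
    """
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%d-%H%M%S")
    archive = backup_dir / f"{source.name}-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(str(source), arcname=source.name)
    # Owner-only permissions: the backup should not be readable by every
    # staff account that can reach the backup drive.
    os.chmod(archive, 0o600)
    return archive


def verify_restore(archive: Path, source: Path) -> bool:
    """Restore into a scratch directory and compare checksums with the live data.

    A backup that has never been restored is only a hope; this is the
    'can be restored' check from the tip.
    """
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            try:
                # The 'data' filter (Python 3.12+, backported to older 3.x
                # security releases) refuses absolute paths and '..' entries.
                tar.extractall(scratch, filter="data")
            except TypeError:
                tar.extractall(scratch)
        restored = Path(scratch) / source.name
        return manifest(restored) == manifest(source)


def is_recent(archive: Path, max_age_days: float) -> bool:
    """True if the archive was written within the last `max_age_days`."""
    age_seconds = time.time() - archive.stat().st_mtime
    return age_seconds <= max_age_days * 86400


def run_demo() -> dict:
    """Constructed sample data: build a small 'essential data' folder, back it
    up, prove it restores, then change a live file and show the check notices."""
    with tempfile.TemporaryDirectory() as work:
        source = Path(work) / "essential-data"
        (source / "contacts").mkdir(parents=True)
        (source / "invoice-2024-03.txt").write_text("Invoice: 1200.00 GBP\n")
        (source / "contacts" / "suppliers.csv").write_text("name,email\nAcme,acme@example.com\n")

        backup_dir = Path(work) / "separate-drive"  # stands in for a USB stick or cloud folder
        archive = create_backup(source, backup_dir)
        result = {
            "archive_name": archive.name,
            "restore_ok": verify_restore(archive, source),
            "recent": is_recent(archive, max_age_days=1),
        }
        # A later edit to the live data: the backup no longer matches, so the
        # check reports it is stale and a fresh backup is due.
        (source / "invoice-2024-03.txt").write_text("Invoice: 1450.00 GBP\n")
        result["stale_after_change"] = not verify_restore(archive, source)
        return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Run it on a schedule against your real folders and treat any `False` from `verify_restore` or `is_recent` as an alert, not a log line: a backup that fails either check is not the safety net the tip describes.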

Tip 2 – Protecting Your Organisation from Malware

Malicious software (also known as 'malware') is software or web content that can harm your organisation. This can include viruses, spyware, or ransomware, which prevents users from accessing their computers (or the data stored on them) until a ransom is paid.

For all your IT equipment, make sure that the software and firmware are always kept up to date with the latest versions from software developers, hardware suppliers and vendors. Applying these updates is one of the most important things you can do to improve security - the IT version of eating your fruit and veg.

Ensure that your organisation is also running antivirus software across all your laptops and computers. Antivirus software is often included free within popular operating systems and can typically be enabled with one click. This is the same for firewalls which create a 'buffer zone' between your own network and external networks (such as the Internet). BT works with the NCSC on its ‘Active Cyber Defence’ programme, which aims to prevent the majority of malicious emails from reaching individuals and businesses in the UK – but most popular operating systems also now include a firewall, which you can switch on to protect yourself even further.

Tip 3 – Avoiding Phishing Attacks

A phishing attack is when scammers send fake emails to potential victims, asking them for sensitive information (such as bank details), or containing links to malicious websites. Scammers might try to trick you into sending money, giving away business details to sell on, or have their own motives for accessing your organisation's network.

Many phishing emails share similar warning signs, which can include:

  • Poor spelling, grammar, and punctuation

  • Generic greeting, such as ‘Dear Customer’ rather than using your name

  • A sense of urgency

  • Email from high-ranking persons within your organisation, asking you to do something outside normal processes

  • An offer of money or exclusive benefit

However, expecting your staff to identify and report all phishing emails is an unrealistic request, as fraudulent emails are becoming harder to spot. Never punish users who are struggling to recognise suspicious emails – users who fear reprisals will not report mistakes promptly, if at all. Instead, build a culture where users can confidently report phishing attempts (including ones that are clicked on) by having an effective process in place for reporting. You can then take steps to scan for malware and change passwords in a timely manner if you suspect a successful breach has occurred.
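The warning signs above can be turned into a simple triage check that flags messages for the reporting process described here. The script below is an added example written for this article, not BT's, the NCSC's or any mail vendor's filter. Its patterns, the list of senior names, the internal domain `example.com` and the sample messages are all constructed for the demonstration; a real filter uses far richer signals, so treat this as an illustration of the signs, not a complete defence.

```python
"""Score messages against the phishing warning signs listed in the tip."""
import re
from email.utils import parseaddr

# One constructed pattern per warning sign from the list above.
SIGNS = {
    "generic greeting": re.compile(
        r"^\s*(dear|hello|hi)\s+(customer|user|client|valued member|sir/madam)\b",
        re.IGNORECASE | re.MULTILINE),
    "sense of urgency": re.compile(
        r"\b(urgent|immediately|within 24 hours|act now|will be (suspended|closed|deleted))\b",
        re.IGNORECASE),
    "offer of money or benefit": re.compile(
        r"\b(you have won|prize|lottery|exclusive (offer|benefit)|refund of)\b",
        re.IGNORECASE),
    "request outside normal process": re.compile(
        r"\b(gift cards?|wire transfer|urgent payment|keep this (confidential|between us))\b",
        re.IGNORECASE),
    "poor spelling": re.compile(
        r"\b(recieve|verfy|verifiy|acount|securty|informations|untill)\b",
        re.IGNORECASE),
}


def senior_name_outside_domain(from_header, senior_names, internal_domain):
    """True when a senior colleague's name is in the display name but the
    address is not on the organisation's own domain (the 'high-ranking
    person' sign, seen from the headers rather than the wording)."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    named = any(name.lower() in display.lower() for name in senior_names)
    return named and domain != internal_domain.lower()


def warning_signs(message, senior_names, internal_domain):
    """Return the list of warning signs found in one message dict."""
    text = message["subject"] + "\n" + message["body"]
    found = [name for name, pattern in SIGNS.items() if pattern.search(text)]
    if senior_name_outside_domain(message["from"], senior_names, internal_domain):
        found.append("senior colleague from outside address")
    return found


def triage(message, senior_names, internal_domain, threshold=2):
    """Label for the reporting workflow: 'report' once enough signs stack up.
    One sign alone is common in genuine mail, so the threshold is deliberately
    not 1; tune it against your own false-positive rate."""
    signs = warning_signs(message, senior_names, internal_domain)
    return ("report" if len(signs) >= threshold else "ok", signs)


# Constructed sample messages (not real mail). Addresses use the reserved
# .invalid top-level domain so they cannot resolve.
SENIOR_NAMES = ["Jane Smith"]          # assumed: the organisation's directors
INTERNAL_DOMAIN = "example.com"        # assumed: the organisation's own domain
SAMPLES = [
    {
        "from": "Accounts Dept <billing@example-pay.invalid>",
        "subject": "Urgent: verfy your acount",
        "body": "Dear Customer,\nYour account will be suspended within 24 hours unless you act now.\n",
    },
    {
        "from": "Jane Smith <jane.smith@mail-freemail.invalid>",
        "subject": "Quick favour",
        "body": "Hi Tom,\nI'm in a meeting and need you to buy gift cards for a client today. Keep this between us.\n",
    },
    {
        "from": "Jane Smith <jane.smith@example.com>",
        "subject": "Team meeting notes",
        "body": "Hi Tom,\nNotes from this morning's meeting are in the shared folder.\n",
    },
]


def run_demo():
    """Triage every sample and return a list of (label, signs) tuples."""
    return [triage(m, SENIOR_NAMES, INTERNAL_DOMAIN) for m in SAMPLES]


if __name__ == "__main__":
    for sample, (label, signs) in zip(SAMPLES, run_demo()):
        print(f"{label:6} {sample['subject']!r}: {', '.join(signs) or 'no signs'}")
```

The second sample is the one staff most often miss: no spelling mistakes, no urgency words, just a familiar name on an outside address and a request to buy gift cards quietly. Checking the sending domain against the display name catches it even when the wording is clean, which is why the example scores headers as well as text. Whatever the tool says, the outcome it feeds is the reporting process in the paragraph above: a 'report' label should route the message to whoever can check it, never back to the user as a reprimand.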

For further information on implementing these top tips, check out the NCSC’s Small Business Guide: Cyber Security.

BT’s Top Tips on Tech page also has a dedicated section on security for businesses alongside wider guidance for staying safe online. In addition, our Skills for Tomorrow site has a range of guidance on improving cyber security in your organisation.


[1] Cyber Security Breaches Survey 2020: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2020