Small businesses should empower staff to become ‘cyber security champions’ to protect against cyber attacks

Staff vigilance is vital in the prevention of cyber attacks, and small businesses should consider training their staff to equip them with the skills needed to protect their cyber security from hackers.

This week, the Government has called for employers to empower more staff to become ‘cyber security champions’ and equip them with the skills to spot and prevent a cyber attack with confidence, so the following sets out the best way to do this.

Choosing a cyber security champion

The cyber security champion doesn’t need to be a technical expert as there is some great practical advice available in the free Small Business Guide. What businesses need from their cyber security champion is someone who can talk to their colleagues and help to keep security at front of mind.

In nearly three-fifths (57%)* of businesses experiencing recent cyber attacks, the most disruptive was reported directly by staff, rather than picked up automatically by software.

Having an individual whose job role includes cyber security is directly linked to a faster response. However, research shows that only 35% of businesses have staff whose job role includes internet security or governance, despite two thirds (68%)** saying cyber security is a high priority.

It is important to pick the right person – for example someone who is good at communicating or motivating staff – and give them the tools and support to raise awareness and implement good cyber security measures.

Upcoming research from DCMS, as part of the cross-government Cyber Aware campaign, found that many employees (38%) believe only staff responsible for IT can protect an organisation from a cyber attack. However, all staff can play a role in protecting the business and the Government’s free guide is available to help. It is worth SME business leaders implementing a #CyberSpringClean ahead of the new financial year to ensure their workforce is able to raise the alarm and prevent a cyber attack. This can also help firms meet their obligations the new GDPR law to protect their customers’ personal data.

How common are cyber attacks and what is the costs to businesses?

Research found that 42% of micro/small businesses experienced a cyber attack in the last 12 months, with cyber attacks on small businesses costing an average of nearly £900. This incudes everything from disruption to everyday operations, staff being prevented in carrying out work, to lost revenue if customers could not access online services.

What steps can you take to make your business cyber secure?

To help your business be cyber aware, here are some quick, practical, and cost-effective steps to significantly reduce the risk of becoming a victim of cyber crime from the Small Business Guide:

Back up your data:Make regular backups of your important data to an external device or to the “cloud”, and test these backups can be restored
Install the latest software and app updates on all devices: Installing the latest software and app updates helps protect your devices from viruses and hackers as they contain vital security updates
Keep your devices safe: Switch on password protection for your smartphones and tablets. Use a suitable complex PIN or password which can’t be easily guessed
Use strong passwords to protect data:Use two factor authentication for ‘important’ accounts, like your email or bank account. Avoid using predictable passwords
Avoiding phishing attacks:Scammers send fake emails to thousands of businesses trying to trick you out of sensitive information like bank details. Use our advice to check for the obvious signs of phishing, like poor spelling, dodgy logos and requests to “act now”.

This advice can help an individual in a business navigate simple steps to improve cyber security and can be low cost or no cost for the business at all. A set of short videosis also available to support this advice. For more information visit: www.cyberaware.gov.uk/protect-your-business