Small businesses should empower staff to become ‘cyber security champions’ to protect against cyber attacks

Staff vigilance is vital in the prevention of cyber attacks, and small businesses should consider training their staff to equip them with the skills needed to protect against hackers.

The Government has called for employers to empower more staff to become ‘cyber security champions’ and equip them with the skills to spot and prevent a cyber attack.

A cyber attack on a small business can cause everything from disruption to everyday operations, staff being prevented in carrying out work, to lost revenue if customers could not access online services, so it is worth SME business leaders implementing a #CyberSpringClean ahead of the new financial year. This should ensure that their workforce is able to raise the alarm and prevent a cyber attack and can also help firms meet their obligations under GDPR to protect personal data.

Choosing cyber security champions

Cyber security champions don’t need to be technical experts. What businesses need from their cyber security champions are people who can talk to their colleagues and help to keep security at front of mind at all times.

In nearly three-fifths (57%)* of businesses experiencing recent cyber attacks, the most disruptive was reported directly by staff, rather than picked up automatically by software.

Research from DCMS, as part of the cross-government Cyber Aware campaign, found that many employees (38%) believe only staff responsible for IT can protect an organisation from a cyber attack. However, all staff should play a role in protecting the business, cyber security champions should help promote this mindset.

What steps can you take to make your business cyber secure?

To help your business be cyber aware, here are some quick, practical, and cost-effective steps to significantly reduce the risk of becoming a victim of cyber crime:

1. Back up your data: Make regular backups of your important data to an external device or to the “cloud”, and test these backups can be restored
2. Install the latest software and app updates on all devices: Installing the latest software and app updates helps protect your devices from viruses and hackers as they contain vital security updates
3. Keep your devices safe: Switch on password protection for your smartphones and tablets. Use a suitable complex PIN or password which can’t be easily guessed
4. Use strong passwords to protect data: Use two factor authentication for ‘important’ accounts, like your email or bank account. Avoid using predictable passwords
5. Avoiding phishing attacks: Scammers send fake emails to thousands of businesses trying to trick you out of sensitive information like bank details. Use our advice to check for the obvious signs of phishing, like poor spelling, dodgy logos and requests to “act now”.

This advice can help an individual in a business navigate simple steps to improve cyber security and can be low cost or no cost for the business at all.

Read next: Common cyber security myths (and the truths behind them)

*DCMS & NCSC/Ipsos Mori research on motivations and, barriers around cyber security, to be published due 2019

**Cyber Security Breaches Survey 2018 PDF