Richard Blech specialist in cybercrime discusses statistics in cybercrime, online fraud and theft of data make for alarming reading. The Federation of Small Businesses i.e. FSB claim that over 45% of their members have been victim to various online crimes such as hacking attacks, malware infections, or full scale data breaches between 2016-2017. With the average cost per business being and estimated £1,400.

For both small and medium-sized-businesses (SMB) owners, the impact of these cyber attacks, are far worse than just the financial loss and the disruption to work flow and standards – they must also take into account the loss of reputation and indeed the trust of their customers to consider too. Owing to this, it a difficult for SMBs to find doable and affordable security practises, which in turn can lead to very substandard online protection or ultimately no security at all.

So to help solve these issues here are some ways to make them SMB businesses more secure.

Know your data

Remember not all data is the same. The beginning point for any business/company must be the realisation that data is business-critical and indeed very sensitive. Businesses need to identify how this data it’s used and more importantly where it is being stored. So the most routine audits can be actioned, considering what may happen if a breach of data were to occur, especially financial data, customer records or employee records being compromised

Once a business/company understands what the likely effect might be – and they can always be many “what if” scenarios, depending on the type of attack/breach – they will require a blueprint for business-impact levels.

Obviously very High-risk data will need to be appropriately secured, and business can devote more of their resources to making that so. But it does not stop there, businesses should not ignore data that they have classified as less important/risky; rather, you must prioritise each set of data and make and measure security measures accordingly.

Easy to manage your passwords

Passwords as we know should be at the centre of most if not all security policies, but ensuring that they are secure and enforcing these measures isn’t always easy. Consumers can use services such as LastPass to help them generate and manage their passwords, but the question is should a business/company invest in the use of password managers?

For example LastPass and other password services have a few versions available at a reasonably low cost. They offer many basic secure-password-generation options that you would expect of a service but also should offer a variety of business-orientated extras: i.e. you can set business-wide restricted password standards to meet the companies policy requirements, or indeed apply customised policies to restrict access for specific devices, groups, locations or partner businesses.

Also here is Active Directory (AD)/Lightweight Directory Access Protocol (LDAP) password integration. Which can import existing AD profiles, as well as automate reporting features to highlight weakness in your password security flow, and can offer real-time syncing across all devices to facilitate with the rise of the Bring Your Own Device (BYOD) culture and measures. All this can be protected by a unique master password, which can easily be reset or revoked by an designated administrator.