If you own a small to medium-sized business here in London, your computers and mobile devices (such as tablets and phones) access, share and store a ton of information that’s important to your enterprise and its work, finances, employees and customers. Sadly, this data isn’t always safe from prying eyes, even when tucked away in some supposedly hard-to-reach, password-protected places. So we make no excuses for regularly writing about data security because, according the UK’s Federation of Small Businesses (FSB), smaller enterprises are collectively subject to almost 10,000 cyber-attacks a day. One in five small firms say they’ve suffered a cyberattack in the last two years. What’s more, the annual cost of such IT security attacks to the small business community is estimated to be £4.5 billion. In this blog post, then, we’re going to focus on why data security demands your attention. More than that, we’re going to provide you with our top tips for keeping your data and business safe.\nWhy data security demands your attention – nine ways you can bolster your cyber defences\nThe FSB research highlights the scale of the problem: one in three small firms say they have not installed security software over the past two years; four in ten do not regularly update their software or their IT systems or back up their data, and fewer than half have a strict password policy for devices. If this research chimes with the experience of your small London-based business, then your data security demands your attention. So here, as promised, are those nine ways you can bolster your data security defences:\n Adopt password best practices\nWe know passwords are the bane of modern life! And creating strong, easy to remember but hard to crack versions can seem a challenge. However, it’s actually easier than you think. In reality, you don’t need a random jumble of numbers, letters and symbols to keep the cybercriminals at bay, instead:\n\nAvoid common phrases, techniques or keyboard paths, such as 1234567, password or qwerty,\nUse a password that will resonate with you and you’ll remember it (like the name of a favourite sports’ person or pop star from your childhood)\nRemember that the more characters you use, the more secure your password is\nInclude a variety of characters, from at least one lowercase letter and one uppercase letter to a number and four symbols (but NOT the symbols &%#@_\nNever use a password in more than one place\nChange your passwords at least once a year\n\nThis process can be much easier if you use a password manager which will help you and your team to create, store and share passwords.\nTry Two-Factor or Multifactor Authentication \nTwo-factor authentication (2FA) adds an additional layer of protection to your accounts. This sign-in method needs additional information aside from your username and password, ranging from a PIN number sent to your mobile device or e-mail, to fingerprint authentication.\nAs you’ve probably guessed, multifactor authentication (MFA) uses this same approach but requires even more layers of information than the two-step version.\nNever wait or hesitate with updates\nBasically, install updates, fixes and patches as soon as you receive them from the vendors of your computers, devices, networks, software and applications.\nOutdated and unsupported technology is a serious threat to your data security, as these updates are usually designed to close already detected security weaknesses.\nTo make the process easier, you can usually set-up your technology to update automatically. While we’re on the subject, be sure to keep extensions, such as Flash and Java, fully up to date.\nInstall both a firewall and an antivirus program \nPut simply, implementing a reliable and robust anti-virus software in conjunction with a firewall is perhaps the most cost effective and efficient way to fight a wide range of malicious cyber threats.\nA firewall filters the activity coming into your system, stopping malicious software and hackers before they get in; while antivirus systems captures and quarantines any threats that make it through your firewall.\nAlways:\n\nbuy anti-virus software from trusted companies\nRun one anti-virus software on your computer at a time\nLeave your firewall and antivirus software ON (but if you need to allow a program through, set up an exception instead).\n\nUnderstand phishing scams and how to stop them \nPhishing scams can be hard to spot, particularly to the untrained eye and especially as the cybercriminal and their hacks are becoming ever more sophisticated.\nEssentially, a phishing scam is where you’re sent malicious code or similar in an attachment to (or link provided in) an e-mail.\nWorryingly, cybercriminals can now mimic the look and tone of e-mails from genuine organisations, including those you’re probably familiar with. But you can help protect technology and data from phishing attacks in these ways:\n\nNever click on a suspicious link\nNever open an email from a sender you do not know\nAlways inspect e-mails, keeping an eye out for spelling errors and blatant typos,\nAlways inspect links, even those sent by friends – they can be hacked, too.\n\nNote: these threats don’t only come in e-mails. They can arrive as telephone calls and flyers on your doormat, although the aim is always the same: to gather your personal information and exploit it.\nPublic Wi-Fi is no-no\nPublic Wi-Fi networks tend to be insecure, and those who are tech-savvy can pry on and steal the information you’re viewing, sharing or working with while connected.\nWherever possible, have your team use either a virtual private network (VPN) or, if that’s not possible, their mobile phone to access the data they need.\nSecure your mobile and remote devices \nEvery endpoint device connected to your network (such as a mobile phone, laptop or tablet) is a cybersecurity risk just waiting to be hacked. It’s important therefore that you work to secure these as well as you would your in-house systems.\nSo you and your people should use your mobile devices responsibly to keep them more secure, always:\n\nuse a secure password or PIN\nInstall new updates as soon as possible\nOnly ever use apps from trusted vendors\nKeep personal information out of text and e-mail messages.\n\nBe alert and aware at all times\nAccording to the USA’s IT Governance blog, 53% of successful cyber attacks infiltrate organisations without being detected and 91% of all incidents don’t generate an alert.\nSo keep your eye open for other telltale signs of a successful hack. These include:\n\nYour systems acting strangely\nBeing denied access to files, folders, apps or software\nYour bank balance not being what it should\nYour credit score suddenly plummeting for no apparent reason\n\nMake backing up part of your routine\nIf the worst happens and a cybercriminal makes it into your IT infrastructure, they may corrupt, destroy or hold to ransom your data.\nData loss can be mitigated IF you’ve regularly backed up and can rapidly upload a clean, recent version of your data onto your systems.\nThe best and simplest way to backup is to adopt the 3-2-1 strategy. This simply means you should have three copies of your data (your production data and two backup copies) on two different mediums (disk and tape) with one copy safely stored off-site for disaster recovery purposes.\nAny data breach can threaten your business, IT infrastructure, IP, confidential customer information and hard earned reputation.\nWhat’s more, such a breach can badly impact your finances. How? Well, under international data protection regulations, such as the EU’s General Data Protection Regulation (GDPR), data infringements can lead to a maximum fine of €20 million or 4% of your business’s annual global turnover – whichever is greater.\nStrengthen your weakest link\nThe chink in any organisation’s cyber security armour is human error and the online threat actors know this. Chances are, it’ll be one of your team who inadvertently clicks on a malicious attachment or link and unleashes a malware or ransomware attack.\nSo everyone who regularly uses your technology (or their own) connected to your business network, should know how to keep your IT, network, data, IP and confidential information cyber secure. According to Staffing Future, one of the fastest growing staffing website design companies in the US and the UK, technology available is growing more sophisticated and more complex. Employees should be able to spot, stop and report the common cyber security attacks. Security training for your team members is becoming increasingly important as more and more people move to remote working.\nInvesting in data security and broad security training and education for your team in the many, various and evolving cybersecurity threats out there will deliver the best possible return.\nWe take your data security and IT security seriously \nStaying safe online is now considered mission critical for businesses of all sizes from start-ups, SOHOs and SMEs to global, blue chip corporations.\nHowever, if you own and manage a small to medium-sized business in London, finding time to invest in data security, IT security and security training can be difficult. So why not talk to our highly experienced and expert cybersecurity services team?\nA confidential, no-obligation chat to us about safeguarding your business against the online threats, from IT security to security training advice, will pay dividends. In fact, we’ve helped numerous organisations across the Capital to perfect their data security since our formation in 2008 and on the way we’ve even managed to earn a couple of consecutive Feefo Gold Trusted Service Awards, Five Star ratings from both Trustpilot and Google and 98% client retention rate.