5 easy cybersecurity New Year’s resolutions for 2021


According to research from the exercise app Strava, the second Friday of January is “quitters’ day”, the day when people are most likely to give up on New Year’s resolutions.

It’s the day when all those promises made in good faith back in December go up in smoke. Running shoes across the land are hurled to the back of the nearest cupboard, never to see the light of day again. Gym memberships are forgotten about. And new hobbies fall by the wayside.

The biggest problem with most New Year’s resolutions is their difficulty. Sure, the long-term gains might be amazing, but what about the months of pain and effort to get there?


But not all resolutions have to be difficult or doomed to failure. Take, for example, our list of easy cybersecurity New Year’s resolutions. 

Unlike attempting a couch to 5k or taking up a new hobby, they don’t require hours of your time to see results. Nor do you need to go out and buy expensive new tools or overhaul existing processes. All it takes is a few tweaks here and there to get your business’s cybersecurity fighting fit for the year ahead.

And the best part? Once you’re in the habit, you’re unlikely to break them. 

1. Start patching and updating software regularly 

We bang the patching drum a lot at CyberSmart. Regular readers of our blog will have noticed we mention it at every possible opportunity. But, as repetitive as it might be, there’s a very good reason behind our love affair with patching.

Regularly updating your software and operating systems is the easiest, most time-efficient way to improve your cybersecurity. Even the best software develops security vulnerabilities over time and, once a fix is published, the flaw is public knowledge: any copy that hasn’t been patched gives cybercriminals an easy route into your business.

Fortunately, avoiding the worst is incredibly easy and it shouldn’t take you more than a couple of minutes each month. Turn on automatic updates for your operating system, browser and office suite, then once a month check the things that don’t update themselves (routers, printers, line-of-business applications). Apply security updates promptly rather than leaving them for a quiet week: attackers start scanning for a newly published flaw within days, and Cyber Essentials expects critical and high-risk security updates to be installed within 14 days of release.

To learn more about patching, check out our recent blog on the subject. 

2. Create a password policy

Of all the resolutions on this list, creating a secure password policy is by far the simplest. Most of us know the importance of strong passwords, but that doesn’t stop us using the same easily-guessable phrase we’ve been using since 2001 for everything. We’re only human after all. 

The problem is this poses a huge security risk. It only takes a cybercriminal to crack one insecure password in your business for disaster to strike. But the good news is fixing it is simple.

Set up a password policy and ensure everyone in the business follows it. Often, it doesn’t take much more than a well-worded email and a few friendly nudges to get everyone on board.

What should go in the policy? Well, a strong password policy should have four key points:

  • Use long passwords rather than merely ‘complex’ ones. Three random words, or a passphrase produced by a generator such as the one built into Google Chrome or your password manager, beats a short string of symbols that people then write on a sticky note
  • Change a password when you suspect it has been compromised, not on a fixed schedule. Forced regular changes push people towards predictable variations (Winter2020, Winter2021), which is why current NCSC guidance advises against them
  • Use a different password for every account, tool and service. Nobody can remember dozens of unique passwords, so use a password manager such as 1Password or LastPass; the manager’s own master password is the one to make long and never reuse anywhere
  • Turn on two-factor authentication (2FA) wherever it is offered, starting with email, because an attacker who controls a mailbox can reset the password on every other service that sends reset links to it
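As an added example (my code, not CyberSmart’s), here is the kind of check a password policy can enforce automatically, written in Go. It goes slightly beyond the list above in one respect: besides minimum length and a deny list of common passwords, it checks whether the password has already appeared in a known breach, using the k-anonymity scheme of the Have I Been Pwned ‘Pwned Passwords’ API, where only the first five characters of the password’s SHA-1 hash are ever sent to the service. The deny list and the cached range response are constructed for the example; a real deployment fetches the range for each prefix from https://api.pwnedpasswords.com/range/ and loads a much larger deny list.

```go
package main

import (
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

// MinLength favours length over forced symbol mixing: a long passphrase is
// harder to guess and easier to remember than "P@ssw0rd!".
const MinLength = 12

// Constructed deny list of passwords attackers try first. A real deployment
// loads a far larger list (the NCSC publishes one, as do many vendors).
var denyList = map[string]bool{
	"password": true, "password1": true, "qwerty123": true,
	"letmein": true, "welcome1": true, "123456789012": true,
}

// Constructed stand-in for the Pwned Passwords "range" API. The real service,
// https://api.pwnedpasswords.com/range/<first 5 hex chars of SHA-1>, returns
// lines of SUFFIX:COUNT. Only that 5-character prefix leaves your machine
// (k-anonymity), never the password or its full hash. Counts here are made up.
var pwnedRanges = map[string]string{
	"5BAA6": "1D2B2E6D8F0E4C1A9B3F7A6E5D4C3B2A1F0:3\n" +
		"1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\n" +
		"2A9F3B8C7D6E5F4A3B2C1D0E9F8A7B6C5D4:1\n",
}

// sha1Upper returns the uppercase hex SHA-1 of pw, the form Pwned Passwords uses.
func sha1Upper(pw string) string {
	sum := sha1.Sum([]byte(pw))
	return strings.ToUpper(hex.EncodeToString(sum[:]))
}

// PwnedCount looks the password up by hash prefix and returns how many times it
// has appeared in known breaches (0 if never, or if the range is not cached).
func PwnedCount(pw string) int {
	h := sha1Upper(pw)
	prefix, suffix := h[:5], h[5:]
	for _, line := range strings.Split(pwnedRanges[prefix], "\n") {
		parts := strings.SplitN(strings.TrimSpace(line), ":", 2)
		if len(parts) == 2 && parts[0] == suffix {
			n, _ := strconv.Atoi(parts[1])
			return n
		}
	}
	return 0
}

// CheckPassword applies the policy and returns every reason the password fails;
// an empty slice means it is acceptable.
func CheckPassword(pw string) []string {
	var problems []string
	if len([]rune(pw)) < MinLength {
		problems = append(problems, fmt.Sprintf("shorter than %d characters", MinLength))
	}
	if denyList[strings.ToLower(pw)] {
		problems = append(problems, "on the common-password deny list")
	}
	if n := PwnedCount(pw); n > 0 {
		problems = append(problems, fmt.Sprintf("seen %d times in known breaches", n))
	}
	return problems
}

func main() {
	for _, pw := range []string{"password", "Winter2021!", "lamp-river-quartz-41"} {
		fmt.Printf("%-22s %v\n", pw, CheckPassword(pw))
	}
}
```

Note that the breach check is what catches a password like 123456789012, which passes a length rule and wouldn’t be on a short deny list: length and uniqueness rules are necessary, but a corpus of real leaked passwords is what tells you whether attackers already have yours.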

3. Use encryption 

Encryption is one of those technologies that everyone has a vague notion they should be using. However, many of us are put off by the misconception that it’s difficult to set up or hard to understand if you’re not a techy type.

In reality, this couldn’t be further from the truth. You probably already use encryption a lot in your daily life without knowing it. Ever sent a message using WhatsApp? That’s encryption. Bought something from a web store over HTTPS? Encryption.

We won’t go into exactly how it works (if you’d like to know more we have a whole blog on the subject) but, essentially, encryption scrambles data using a secret key so that, to anyone without the key, the result is indistinguishable from random noise, while the authorised recipient who holds the key can recover the original.

A modern cipher such as AES cannot practically be broken by brute force, so the protection rests entirely on keeping the key secret. That’s why it pays off most where a password alone can’t help: a lost or stolen laptop with full-disk encryption switched on (BitLocker on Windows, FileVault on macOS) holds nothing the thief can read, whereas a login password on an unencrypted disk is bypassed by simply removing the drive. Note the limit, though: disk encryption protects data at rest, not a machine that is switched on and logged in. Better still, once you’ve turned it on you’re unlikely ever to have to think about it again.

4. Make cybersecurity part of this year’s budget

Attacks on SMEs now account for 58% of all cybercrime. What’s more, small businesses’ ability to absorb an attack is limited. Research from the insurance and risk consultancy Gallagher found that over 50,000 UK SMEs would collapse if hit by a cyberattack.

Given the risks, you would expect cybersecurity to be top of most businesses’ budgeting lists. However, that’s often not the case. It’s not hard to see why; if you’re an SME performing financial wizardry each year just to keep things ticking over, cybersecurity can feel like a ‘nice to have’ rather than a priority. It’s this that leads to many smaller businesses making do with anti-virus and little else.

Unfortunately, firms who do this are playing Russian roulette without being conscious of it. Sooner or later, an enterprising cybercriminal will take advantage of weak defences, no matter how small your business. It’s a simple thing, but make 2021 the year cybersecurity features in your annual budget.

5. Get Cyber Essentials certified 

If you’ve heard of Cyber Essentials, you’re likely questioning this suggestion. Isn’t Cyber Essentials certification a long, drawn-out process that takes weeks to complete? It’s hardly fitting for a list of ‘easy’ resolutions.

Well, the truth is that getting Cyber Essentials certified can be like that. However, it doesn’t have to be. At CyberSmart we offer a Cyber Essentials certification process that can take as little as 24 hours, with no need for constant back and forth. We’ll tell you whether you’re going to pass before you submit and help you address any problems, so you only need to do it once.

Getting Cyber Essentials certified is a requirement for many government tenders, and the controls it mandates are estimated to block the large majority (the figure often quoted is 98.5%) of the most common, untargeted attacks. But the benefits don’t end there. It’s also a great indicator of your business’s commitment to security, marking you out as trustworthy and safe to potential partners and customers.

So concludes our 2021 cybersecurity New Year’s resolutions. Although we’d recommend doing everything we’ve suggested, even adopting just one will noticeably improve your business’s cybersecurity. So why not kick the year off with a resolution you’ll keep? 

Looking to improve your cybersecurity but not sure where to begin? Start 2021 the right way, by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.



9 signs your business has been hacked and what to do about them


It’s the stuff nightmares are made of. What started as another mundane Monday afternoon has suddenly morphed into one of your worst-case scenarios.  Your business has been hacked.

The scariest part is that you may not even notice. If you’re lucky, you’ll get a ransomware notification or a Good Samaritan will inform you, but often the telltale signs of a breach are more subtle. Here’s how to spot and tackle them.

9 warning signs you’ve been hacked –  and what to do about them

Unexpected changes to files 

Many modern businesses allow for organisation-wide access to documents and real-time editing. Think tools like Google Docs or your Microsoft 365 package. Telling the difference between colleagues’ tracked changes on that ten-page report you wrote and more nefarious activity can be tricky. But it’s not impossible. 

Look for revisions outside of what you’d normally expect: document name changes, files that have been mysteriously deleted, or a whole folder suddenly shared with an address outside the company. Don’t rely on the document itself to tell you. Google Workspace and Microsoft 365 both keep an audit log of who changed, shared or deleted what, when and from which IP address, and that log is where the evidence lives. Like fingerprints at a crime scene, all of these could point to a hacker’s presence.

What to do: Treat it as a possible account compromise rather than a malware problem. Reset the password for the account whose name is on the changes, sign it out of every active session (an administrator can do this in both Google Workspace and Microsoft 365) and turn on 2FA if it isn’t already. Then read the audit log for that account: when the changes were made, from where, and whether files were shared externally or mail-forwarding rules were added. Restore damaged files from version history rather than from memory, and double-check everyone is following your security policy. If you can’t account for the activity, speak to an expert before you tidy up too much: the log entries are your evidence.
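As an added illustration (example code, not from the original post), here is a small Go program that scans an activity-log export for the two patterns described above: destructive changes made at odd hours, and a burst of deletes or renames from a single account. The log format, account names and file names are constructed for the example; real Google Workspace and Microsoft 365 exports have their own column layouts, so the parser would need adjusting for them.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Event is one row of an activity-log export. The column layout is constructed
// for this example; real Google Workspace or Microsoft 365 exports differ.
type Event struct {
	At     time.Time
	User   string
	Action string // view, edit, share, rename, delete
	File   string
}

const (
	bulkThreshold = 5                // this many deletes/renames by one user ...
	bulkWindow    = 10 * time.Minute // ... inside this window is suspicious
	workStart     = 7                // hours (UTC) treated as normal working time
	workEnd       = 20
)

// Constructed sample log: alice's daytime activity is normal; bob renames a
// file at 03:12; dan's account deletes six invoices in four minutes.
const sampleLog = `2021-01-11T09:05:00Z,alice@example.com,edit,Q1-report.docx
2021-01-11T09:40:00Z,alice@example.com,share,Q1-report.docx
2021-01-11T03:12:00Z,bob@example.com,rename,contracts-2020.xlsx
2021-01-11T11:00:10Z,dan@example.com,delete,invoice-001.pdf
2021-01-11T11:00:41Z,dan@example.com,delete,invoice-002.pdf
2021-01-11T11:01:15Z,dan@example.com,delete,invoice-003.pdf
2021-01-11T11:02:02Z,dan@example.com,delete,invoice-004.pdf
2021-01-11T11:03:30Z,dan@example.com,delete,invoice-005.pdf
2021-01-11T11:04:09Z,dan@example.com,delete,invoice-006.pdf
2021-01-11T14:20:00Z,alice@example.com,delete,draft-old.docx`

func destructive(action string) bool { return action == "delete" || action == "rename" }

// ParseLog reads timestamp,user,action,file rows and returns them sorted by time.
func ParseLog(raw string) ([]Event, error) {
	var evs []Event
	for _, line := range strings.Split(strings.TrimSpace(raw), "\n") {
		f := strings.Split(line, ",")
		if len(f) != 4 {
			return nil, fmt.Errorf("malformed line: %q", line)
		}
		t, err := time.Parse(time.RFC3339, f[0])
		if err != nil {
			return nil, err
		}
		evs = append(evs, Event{At: t, User: f[1], Action: f[2], File: f[3]})
	}
	sort.Slice(evs, func(i, j int) bool { return evs[i].At.Before(evs[j].At) })
	return evs, nil
}

// Findings flags out-of-hours deletes/renames and bursts of them from one account.
func Findings(evs []Event) []string {
	var out []string
	byUser := map[string][]Event{}
	for _, e := range evs {
		if !destructive(e.Action) {
			continue
		}
		if h := e.At.UTC().Hour(); h < workStart || h >= workEnd {
			out = append(out, fmt.Sprintf("out-of-hours %s of %s by %s at %s",
				e.Action, e.File, e.User, e.At.Format(time.RFC3339)))
		}
		byUser[e.User] = append(byUser[e.User], e)
	}
	for user, list := range byUser { // list is already time-ordered
		start := 0
		for end := range list {
			for list[end].At.Sub(list[start].At) > bulkWindow { // slide the window
				start++
			}
			if end-start+1 >= bulkThreshold {
				out = append(out, fmt.Sprintf("bulk: %s made %d deletes/renames within %v",
					user, end-start+1, bulkWindow))
				break
			}
		}
	}
	sort.Strings(out) // map iteration order is random; keep the report stable
	return out
}

func main() {
	evs, err := ParseLog(sampleLog)
	if err != nil {
		panic(err)
	}
	for _, f := range Findings(evs) {
		fmt.Println(f)
	}
}
```

The thresholds are deliberately crude; what matters is that the check runs against the audit log rather than against what people remember, and that a single out-of-hours rename gets a human look while a burst of deletes gets an immediate password reset.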

Spam emails sent from company email accounts 

No one likes spam. It’s annoying and nothing turns off a prospective customer more quickly than a deluge of unwanted emails. But if you suddenly start receiving complaints from customers or unsubscribe numbers start climbing, it’s also a strong sign that something is wrong. There are two possibilities: a mailbox has been compromised and is being used to send, or someone is simply forging your domain in the From: line without ever touching your systems. Only the first means you’ve been hacked. The second is addressed by publishing SPF, DKIM and DMARC records for your domain so that receiving mail servers reject messages you didn’t send.

What to do: Keep a close watch on your outgoing emails. It’s likely your marketing team are already tracking emails for key metrics, so ask them to keep an eye out for anything that looks out of place. On an individual level, regularly check the sent folder in your emails for messages that you don’t remember sending or look spammy. 

If you do discover something’s wrong, follow the steps we outlined above for file changes. 


Unusual financial activity

It’s generally known that most hackers are out for one thing: money. So one of the most important places to regularly check is company bank accounts.

Check business statements regularly for unusual withdrawals or payments from your account. If you do spot anything, there’s a very real chance you’ve been hacked. And, remember, cybercriminals won’t necessarily steal large amounts. One of the most successful small-scale hacks of recent years involved a cybercriminal stealing from multiple businesses, a few ill-gotten cents at a time. 

What to do: If you find irregularities, contact your bank straight away: the sooner a payment is reported, the better the chance of recalling it, and reimbursement for business accounts depends on the bank’s terms and how the money left. Then change the passwords and turn on 2FA for your online banking and any accounting software that can raise payments, and switch on transaction alerts so the next attempt is visible within minutes rather than at month end.

Unwelcome installations

It can be difficult to keep track of the various tools and software everyone within your business has installed. This is particularly true in the frenetic world of an SME or startup.

Nevertheless, there’s a big difference between the tools your people need and unwanted software no one remembers installing. Sometimes this software is completely harmless. We all accidentally install a browser add-on now and then. However, there’s also a chance that if someone doesn’t remember installing something, it’s been added remotely by a cybercriminal.

What to do: The fix for unwelcome installations is a simple, but time-consuming, one. Perform regular checks on the software, browser extensions and toolbars in use on all company devices, ideally against a written list of what’s approved so that anything extra stands out. Uninstall anything that looks strange or isn’t in use, and treat an unexplained remote-access tool as a sign of compromise rather than clutter.

Random pop-ups

Like its equally irritating cousin, spam, we all hate pop-ups. We hate them so much that more than 600 million devices (or 11% of all the devices in the world) are currently using an ad blocker.

However, there might be something more to the pop-ups you’re seeing than an annoying sideshow. If you’re getting popups from websites that wouldn’t usually generate them – particularly, reputable ones – it could indicate your system has been compromised. 

What to do: Unfortunately, there’s no quick fix for this problem. The best way to clean up your systems is to manually delete any software or toolbars you haven’t installed yourself (see above). At this point, it’s perfectly acceptable to let out a long sigh. 

Company devices behaving strangely 

When we talk about ‘devices behaving strangely’ it’s important to stress we don’t mean the ‘Wednesday afternoon go-slow’ your laptop experiences from time to time. 

We mean really strange behaviour. For example, your mouse cursor moving of its own free will or random flickering on your monitor. Both of these things could indicate something much more serious is going on.

What to do: If you do notice your device behaving strangely, it’s time to call in the experts. Disconnect the device from the network (unplug the cable or turn off Wi-Fi) and stop using it, but don’t wipe it. If you expect an expert to examine it, leave it powered on where you can: switching it off destroys what’s in memory, which is often the only record of what the attacker ran. Isolating it won’t undo the breach, but it stops the attacker inflicting further damage before help arrives.

Internet searches being redirected

We mentioned earlier that most hackers are interested in making money, and stealing isn’t the only way to do it. An easier, far less risky, way for cybercriminals to make a fast buck is to redirect your browser searches somewhere you don’t want to go. By redirecting your searches to another website (often the site owner has no idea the site is being used this way) the hacker gets paid for your clicks. 

What to do: If your internet searches are being redirected, there’s a high chance you’ve also got bogus extensions, toolbars or software installed on your device, so follow the same process we outlined earlier for software. Also check the places a redirect can hide that an uninstall won’t touch: the browser’s proxy and default search-engine settings, the device’s DNS server settings and the hosts file.

Changes to your security settings

Cybercriminals are clever, but that doesn’t mean they’re above crude tactics. And top of the list of ‘obvious but effective’ hacker tactics is turning firewalls, ad blockers and anti-virus tools off.

Keep a close eye on your security settings. If something is turned off that shouldn’t be, it’s most likely just down to human error. However, it’s well worth switching it back on and seeing what happens. If the same thing happens again, it could mean you’ve been hacked.

What to do: Back up your documents (not programs, which may be the thing that’s infected) and rebuild the device from scratch: reinstall the operating system from known-good media or the manufacturer’s reset, then reinstall applications and restore only your files. A backup taken before the trouble started is safer than one taken afterwards. There’s no telling what has happened without expert help, so the first step should always be a complete reset of any affected devices.

Confidential data has been leaked

Of all the warning signs on this list, discovering confidential company information has been found in an online data dump is the most obvious. Unfortunately, it’s also very tricky to fix.

What to do: The information is already out there, so your actions are about limiting the damage and preventing a repeat, rather than fixing the leak itself. Immediately change any passwords, API keys or other credentials that appear in the dump, and tell the customers or staff whose data it is. If it includes personal data, UK GDPR may require you to report the breach to the ICO within 72 hours of becoming aware of it. Then it’s time for a full audit of your security procedures, policies and infrastructure to find out how it got out.

Defence starts with prevention 

It might sound clichéd, but the best cure for being hacked really is prevention. Relying on anti-malware tools will only get you so far. The real gains are to be made in ensuring you have clear security protocols that prevent common mistakes, using tools like encryption and two-factor authentication, and checking company devices continually.

Don’t wait until one of these warning signs appears. Instead, think of cybersecurity as you would office security. The more often you check doors and windows are properly locked and know exactly who has access to the keys, the less likely you are to suffer a break-in. Why should your cybersecurity be any different? 

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.


Encryption explained: how does it work and why do SMEs need it?

Most of us have heard of encryption. It’s that recipe for secrecy that techy types talk about all the time. But for many of us, that’s where the knowledge ends.

However, for small businesses looking to improve cybersecurity, encryption can be a vital weapon in your arsenal, and one that isn’t so hard to understand. Here’s a simple explanation of what encryption is, why you need it, and when to use it.

What is encryption?

Although encryption, much like ‘the blockchain’, can seem like another one of those unfathomable technical terms, it’s actually pretty simple.

Encryption is most commonly used to protect data in transit and at rest. Ever sent a Facebook Messenger or WhatsApp message? That uses encryption. Or, a payment using online banking? Also encryption. How about buying something from a web store? You guessed it, encryption again.

You get the picture. Encryption is used everywhere in our daily lives, but how does it work?

In non-technical terms, encryption is a way of scrambling data so that only an authorised recipient can read it. An encryption algorithm takes plaintext, for example the text of an email between you and a colleague, together with a secret key, and produces ciphertext that looks like a random string of letters and numbers. Without the key the ciphertext is useless; with it, the recipient reverses the process and recovers the original. In the simplest (symmetric) case the sender and recipient share the same key; on the web, public-key encryption lets your browser agree a fresh key with a site it has never spoken to before. Like so:

[Image: diagram of plaintext being turned into ciphertext with a key, and back again. Photo: PixelPrivacy]

The principle is much the same as a password, but better (as we’ll see).
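As an added example (not from the original post), the following Go program does what this paragraph and the ‘Use encryption’ resolution earlier describe: it turns a message into ciphertext with a secret key, recovers it with the same key, and fails cleanly with the wrong key or if the ciphertext has been altered. It uses AES-256-GCM, an authenticated mode of the same AES cipher that disk encryption and HTTPS rely on. The key is generated fresh here; a real system derives it from a passphrase with a slow key-derivation function or keeps it in a key manager. The message and the associated data label are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// NewKey returns a fresh 256-bit key from the OS random number generator.
// Never hard-code a key: whoever has the key has the data.
func NewKey() ([]byte, error) {
	k := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return nil, err
	}
	return k, nil
}

// Encrypt returns nonce || ciphertext || authentication tag. GCM authenticates
// as well as encrypts, so any change to the output, or to the associated data
// (aad, which is bound to the message but not encrypted), is detected by Decrypt.
func Encrypt(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// A nonce must never repeat under the same key; draw a fresh one each call.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Decrypt reverses Encrypt. It returns an error, and no plaintext at all, if the
// key is wrong, the data was tampered with, or the aad does not match.
func Decrypt(key, data, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(data) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := data[:gcm.NonceSize()], data[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

func main() {
	key, _ := NewKey()
	aad := []byte("email:alice->bob") // constructed context label
	msg := []byte("Q1 payroll figures attached")

	ct, _ := Encrypt(key, msg, aad)
	fmt.Printf("ciphertext (%d bytes): %x\n", len(ct), ct)

	pt, err := Decrypt(key, ct, aad)
	fmt.Printf("right key:   %q err=%v\n", pt, err)

	wrong, _ := NewKey()
	_, err = Decrypt(wrong, ct, aad)
	fmt.Println("wrong key:   err =", err)

	ct[len(ct)-1] ^= 1 // flip one bit of the tag
	_, err = Decrypt(key, ct, aad)
	fmt.Println("tampered:    err =", err)
}
```

Two things worth noticing: the ciphertext is a few bytes longer than the message (the nonce and the 16-byte tag), and a wrong key doesn’t produce garbage, it produces an error. That second property is what ‘authenticated’ encryption buys you, and it is why an older unauthenticated mode should not be used for new work.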

Why does your business need it?

So we’ve covered, in very simple terms, what encryption is. The next question is why should SMEs be using it? It’s easy to assume that if you’re not a huge multinational, processing reams of sensitive information, that your standard security tools such as firewalls and secure passwords are enough to protect your data. However, there are three key reasons why this isn’t the case.

Cyber attacks are on the rise

It’s likely not news to you that cybersecurity threats to SMEs are on the rise. Barely a week goes by without another news story or set of figures released to that effect. Indeed, the Federation of Small Businesses estimates that SMEs are collectively subject to almost 10,000 cyber-attacks a day.

A big part of the problem is the ever-increasing volume and variety of malware out there. A recent report from cybersecurity experts, Malwarebytes, reveals that detections of new malware continue to increase by 1% year-on-year. This might not sound like much, but when we’re talking about detections in the tens of millions, it soon adds up.

In this environment, it’s getting harder and harder to stay ahead of the threat, and encryption acts as a strong second line of defence for the copies of your data that end up outside your control. If a laptop is stolen, a backup drive goes missing, or an attacker walks off with a database export, an encrypted copy is unreadable without the key. One caveat the ‘second line’ framing hides: malware that runs after someone clicks a link in an email (something we’ve all done at least once) executes as that logged-in user and sees the same decrypted files they do. Encryption at rest doesn’t stop that; patching and 2FA do. Treat it as a complement to those controls, not a substitute.

You’re using a cloud service

Cloud computing is now a vital part of the daily operations of most SMEs. And if you’re doing business entirely in the cloud, and don’t store any sensitive data on employees’ devices, you’re safe, right? After all, the likes of Amazon, Google, and Microsoft spend billions of dollars a year on the security of their cloud services.

Unfortunately, this is only partly true. Obviously storing your data in a cloud is far better than having everything on vulnerable systems, but that doesn’t mean it’s entirely safe.

To give an example, let’s say you use a cloud-based platform like Office 365 for your everyday operations. Traffic between your device and Microsoft’s servers is already encrypted with TLS, so interception on the wire is not the realistic risk. The gaps are the copies that leave the provider: files synced to laptops, downloaded to phones, copied to USB sticks or emailed onward, plus the data in the account itself, which anyone who guesses or phishes the password can read. Full-disk encryption on every device that holds a synced copy, and 2FA on the cloud account, close those gaps; the provider’s own encryption doesn’t.

Passwords aren’t the be-all and end-all

Now, you may be thinking ‘but my business has a clear password policy and every laptop needs a password to log in, surely that’s enough?’

Not quite. A strong password policy protects the front door, the login screen, and it does nothing once the hardware is in someone else’s hands. A laptop left on a train can have its drive removed and read on another machine, or be booted from a USB stick, and the login password never comes into it. Hackers are always finding ways around the strictest policies, and cracking a password is unnecessary when you can simply bypass it.

Full-disk encryption closes that gap. With it switched on, everything written to the disk is encrypted, so all a thief can extract is random gobbledegook that’s of no use to anyone without the key, which is unlocked at boot by the user’s passphrase or by the machine’s security chip. That’s also why a long, unique passphrase (and a recovery key stored somewhere other than on the laptop) matters more on an encrypted device than any complexity rule.

How do you use encryption?

Finally, let’s take a look at how you can use encryption to protect your business. Encryption can take many forms. How you use it will depend on what you need it for, but some common uses include:

End-to-end encryption – Only the two parties hold the keys, so nobody in between, not even the company running the service, can read the messages. WhatsApp and Signal work this way. Most business chat tools, such as Slack or Google Chat, do not: they encrypt messages in transit and on their servers, but the provider holds the keys and can read them. Check what the messaging tool you use actually offers before relying on it for anything sensitive.

Cloud storage encryption – Most cloud storage providers encrypt your files on their servers. That protects you if their disks are stolen or disposed of carelessly, but the provider holds the keys, so anyone who gets into your account still sees plaintext. Providers that offer client-side encryption or customer-managed keys change that trade-off, at the cost of you having to look after the key.

Encryption as a Service (EaaS) – EaaS represents the next step up from cloud storage encryption. It’s the perfect tool for small businesses who want to use encryption but lack the resources to manage it themselves. EaaS subscription models typically include full-disk, database, and file encryption.

Of course, these are far from the only uses of encryption. Serving your website over HTTPS (TLS) encrypts everything that passes between your web server and its visitors, and databases, backups and individual sensitive fields can each be encrypted too. The above are just the most common applications for SMEs.

Data is more important than ever to SMEs. In fact, in our data-driven economy, it’s often the most valuable asset a business possesses. Basic cyber-hygiene such as encryption can go a long way towards helping you protect it.

Show your customers you value their data by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.
