Fullscreen Menu - Background

Subscribe to SME News Search for an article Our amazing team

Ground Floor, Suites B-D, The Maltsters,
1-2 Wetmore Road, Burton upon Trent
Staffordshire, DE14 1LS

Background
Posted 29th November 2018

Protecting Your Data This Christmas

Christmas is a wonderful time of the year, full of holiday cheer and family get-togethers. Yet it is also the time when small businesses are at their most vulnerable.

Mouse Scroll AnimationScroll to keep reading
Fixed Badge - Right
protecting your data this christmas.


Protecting Your Data This Christmas

How small businesses can protect their confidential data this Christmas

Nik Williams, MD at information management company Shredall SDS Group

Christmas is a wonderful time of the year, full of holiday cheer and family get-togethers. Yet it is also the time when small businesses are at their most vulnerable. The business wind down before the holidays can be extremely dangerous for SMEs. Only having skeleton staff present, while other employees either work remotely on insecure devices or are on annual leave, increases the potential for a data breach exponentially.

Given that the average cost of UK data breaches rose this year to £2.7 million, businesses of all shapes and sizes should be extremely wary of how their data is stored and handled – particularly during the Christmas holidays.

Allianz Insurance recently conducted a study with 500 small business leaders, finding that data loss, misuse and theft are considered the number one threat facing SMEs in 2018. With the holiday season now approaching, small businesses should begin taking the appropriate steps to protect themselves.


1.    Deliver training

Christmas is the optimal time for cybercrime. Most staff members are either working from home or on annual leave, and those that do come into the office often have their guard down.

Hackers take advantage of this false sense of security through phishing scams –  attempts to obtain sensitive information such as usernames, passwords and credit card details by disguising themselves as a member of the company or a trusted third party. These scams are typically carried out via email spoofing, whereby an email is sent with a forged sender address in the hope that an employee opens the email and clicks on a link that gives the hacker access to their systems.

Another deceptive approach taken by holiday hackers is to carry out Man in the Middle (MitM) attacks. With flexible working becoming an increasingly popular working arrangement, employees are likely to work remotely during the holidays to spend more time with their family, often using public WiFi networks in coffee shops, trains and hotels. However, public WiFi networks are insecure and competent hackers can compromise the private communications made from the employee’s device, injecting new messages and impersonating the other party to make them reveal sensitive information.

Hackers will already be preparing for the holiday season, meaning SMEs should do the same. Managers should deliver comprehensive training on how to avoid damaging data breaches and how to react should one occur. For example, employees should be taught how to create secure passwords that are unique and changed regularly, as well as highlighting the importance of not sharing them.

Training sessions should be delivered on spotting a potential phishing scam and how to alert the appropriate members of staff. Finally, small companies can specify that company-owned devices should only be used for work-related activities, have strong passwords and only be used in locations with secure WiFi networks.


2.   Establish a clean desk policy 

Cybersecurity is quite rightly a business priority for many SMEs. A recent report published by Beaming, found that UK businesses are attacked online every 2.5 minutes. However, small businesses often forget the importance of securely storing and destroying sensitive paper documents. A report published by the ICO in 2016 showed that 40% of data security incidents were related to paperwork, indicating the risk of leaving private information like credit card details and payroll documents accessible to external parties.

Implementing a clean desk policy (CDP), whereby employees are asked to leave their workspaces clutter-free at the end of each day, offers a potential solution. Criminals can copy or steal hard copies of documents to commit fraud or blackmail employees, yet SMEs can reduce this risk by regularly decluttering their workspaces and leaving no sensitive information on display.

Putting a clean desk policy into action is undoubtedly difficult even in smaller companies, yet it remains achievable if the correct steps are taken from the outset. For example, the entire senior management team agree to commit to the policy; without pressure from the top, the average employee is unlikely to change their habits.

The policy should also be communicated across the company, perhaps through an email with the document attached. Explaining the reasoning behind the policy will help to get everyone on board and create a cohesive approach.

Finally, SMEs should make it easy for employees to store or dispose of their paper documents. A dedicated storage space for documents should be created, with strong security protocols in place to protect its contents. Waste paper should also be properly destroyed rather than thrown in bins or put through a standard office shredder. A simple solution could be to outsource the work to a specialist information management company in your area, saving your company time and money.


3.   Increase physical security measures

In their efforts to implement cybersecurity measures, small business owners should not neglect effective physical security – security measures that are designed to prevent theft or vandalism. Having staff physically present in the office is often the best deterrent for avoiding thefts, yet a quieter office is unavoidable for most SMEs during the holidays. With fewer employees at their desk, external parties are more likely to breach the premises and take confidential information.

Steps should be taken to ensure access to the site is only granted to employees and their invitees, such as by introducing key cards and passcodes to enter the building. Likewise, office space should be monitored regularly, both by security personnel and CCTV.  Investing in high-quality alarms is also always a good business decision. SMEs should not feel obliged to implement all of these security measures, however. Even designating funds for some of these policies will help to reduce the risk of a data breach, which could cost the average SME £25,736, according to Hiscox.


Key Takeaways

The Christmas holidays should be a well-deserved break for your business, a time to relax and regroup before business continues in the New Year. However, with fewer employees working and more external parties wanting to do harm to your business, confidential data is at greater risk of being compromised. Nevertheless, if the appropriate steps are taken to protect their data, both through cyber and physical security measures, SMEs can enjoy the holidays in peace.

2

Categories: Business Advice, News


You might also like...
Career Change Guide for 2021Business Advice8th September 2021Career Change Guide for 2021

2020 and 2021 have been years of labour market upheaval. Here is a strategic career change guide for 2021 to help you make an informed and guided decision.

4 Ways UK SMEs Can Thrive in a New NormalBusiness Advice24th June 20204 Ways UK SMEs Can Thrive in a New Normal

As lockdown eases, changes in how we do business have only just begun. One country that might be able to provide valuable insight is Germany. Having begun lockdown easing back in April, it is already dealing with the next economic phase that small businesses

SME News Media Pack

Every quarter we offer a new issue of SME News which is published on our website, shared to our social media following and circulated to in excess of 78,000 individuals from various sectors across the UK SME marketplace.

  • TickExpand your reach.
  • TickGrow your enterprise.
  • TickSecure new clients.
View Media Pack
Media Pack - Bottom Slant Gradient
we are sme.
Arrow