Cybercrime is rising, with 38% of all small businesses targeted in 2021, the Government found in its Cyber Security Breaches Survey 2021.
Phishing is the most commonly identified cyber-attack, with 82% of those attacked experiencing it. However, attacks by malware (13%) and being impersonated online (25%) were also common. Additionally, 27% of all businesses surveyed were targeted at least once a week.
Awareness of threats is increasing, so it’s reassuring that 77% of micro and small businesses consider cyber security a high priority. But many non-specialists struggle with what to focus on and how.
The National Cyber Security Centre has produced some basic cybersecurity tips, but they’re more common-sense than cutting-edge. Here are four things every cleaning business must do to protect their people, platforms and data in 2022.
1. Manage data security and storage
Data is your organisation’s biggest asset and the target of many cybercriminals. You should check where all data is stored and who can access it. But fewer than half (49%) of small businesses in the survey had controls on moving and storing data.
Access to data should be restricted and provided on a “need to know” basis. Each employee should have their individual data needs assessed and restrictions applied.
It’s essential to use trusted data storage software, and important documents are password protected. Every time personal data is accessed, it leaves a digital footprint enabling you to track it.
The Data Protection Act and GDPR rules advise that data is stored in different places. So, if you’re using cloud storage solutions, ensure you know where all data will be held. If storing information locally, regularly back it up.
Never share important documents such as cleaning contracts with personally identifiable information over email.
2. Review user accounts
Staff are the biggest vulnerability, with poor email etiquette and password protection leading causes of cyber breaches.
Ensure that all staff change their passwords at least every month. Provide guidance on creating effective passwords using a combination of letters, numbers and symbols.
If you’re serious about security, Multi-Factor Authentication (MFA) provides dual-layer protection. MFA is regularly used by banks and online retailers such as Amazon. When you try to log into a system or programme, you’ll have to confirm your identity through a code sent to a phone, using a system such as Google Authenticator, or by logging into an app.
3. Secure all networks
As the manager of a business, you’re in charge of security, but do you know how secure your network is?
Just 15% of small businesses had performed a cyber security vulnerability audit to identify vulnerabilities. A cyber security specialist can help to assess how protected your systems are by performing a penetration test.
Even if you’re confident about the security of your systems, you should regularly review your network and wifi security. Check firewall logs for your router and network, and identify any attacks.
Securing your networks is an ongoing challenge, so set aside some time for it each month, or quarter.
4. Involve employees
Staff pose the greatest threat to your digital security. Still, just 31% of small businesses have a cyber security policy, and only 33% use VPNs for remote workers.
You should develop a clear cybersecurity policy and ensure every member of staff signs up.
You’ll need to review security for remote workers regularly. If you use hosted services, such as MS 365 or Google Business Apps, you can enforce that passwords are regularly changed. You can remind those who aren’t following the rules and add extra layers of protection such as MFA.
Cloud-based platforms enable you to track who has accessed files and data, when and how. This essential audit trail can be crucial in a data breach or attack.
Could you be more cyber secure?
The threat of digital attacks is growing each year. Regardless of how secure you think your systems are, they could probably be improved. Every business of any size must regularly test and assess the security of its systems, maintaining adequate protection. Does yours?
At the heart of data protection are your people. Alongside the systems, processes and platforms, you need clear policies. But you need to go further, creating a culture of data protection and cyber security throughout your cleaning business.