As a serving Police Officer working within the Southeast Regional Organised Crime Unit, I regularly see the impact that cyber attacks have on businesses of all sizes, particularly SMEs and micro businesses. The phrase ‘fail to prepare, prepare to fail’ is very fitting when it comes to SMEs and cyber, as sooner or later your business will become a victim of a cyber attack if you fail to put defences in place to stop online criminals.

Cyber security is not just for your IT team, everybody involved in a business should understand the basics of cyber security and the role they play in keeping themselves and others safe. Cyber attacks can lead to customers losing trust in an organisation, negative financial consequences, and reputational damage.

Cyber attacks are often completely preventable; the following nine simple steps could be all it takes to protect your business:

1. All businesses, regardless of size, should take regular backups of their important data, and make sure that these backups are recent and can be restored. By doing this, you're ensuring your business can still function following the impact of flood, fire, physical damage, or theft. Furthermore, if you have backups of your data that you can quickly recover, you can't be blackmailed by ransomware attacks
2. Keep your smartphones and tablets safe by switching on PIN/password/fingerprint recognition for mobile devices and by using the automatic update option if available
3. Prevent malware damage by using antivirus software on all devices, only install approved software and prevent users from downloading third-party apps from unknown sources.
4. Avoid phishing attacks by ensuring staff don’t browse the web or check emails from an account with Administrator privileges, scan for malware and change passwords as soon as possible
5. For all your IT equipment (so tablets, smartphones, laptops, and PCs), make sure that the software and firmware is always kept up to date with the latest versions from software developers, hardware suppliers and vendors. Applying these updates (a process known as patching) is one of the most important things you can do to improve security
6. Avoid using predictable passwords (such as dates, family, and pet names). Avoid the most common passwords that criminals can easily guess (like 'passw0rd') and don't re-use the same password across important accounts. If one of your passwords is stolen, you don’t want the criminal to also get access to (for example) your banking account
7. Use 2-step verification for any of your accounts. 2SV requires two different methods to 'prove' your identity before you can use a service, generally a password plus one other method. This could be a code that's sent to your smartphone (or a code that's generated from a bank's card reader) that you must enter in addition to your password
8. Consider using password managers, which are tools that can create and store passwords for you that you access via a 'master' password. Since the master password is protecting all of your other passwords, make sure it’s a strong one, for example by using three random words
9. Do not connect to public Wi-Fi hotspots – when you use public Wi-Fi hotspots (for example in hotels or coffee shops), there is no way to easily find out who controls the hotspot, or to prove that it belongs to who you think it does. The simplest precaution is not to connect to the Internet using unknown hotspots, and instead use your mobile 3G or 4G mobile network, which will have built-in security.

With cybercrime now accounting for over 50% of all recorded crime, the Home Office partnered with policing to set up the SECRC and nine other Cyber Resilience Centres covering the whole of England and Wales. The Southeast Cyber Resilience Centre’s aim is to give every business in the region access to skills and knowledge to protect themselves from online attacks, helping to make the Southeast one of the safest places to live, work and do business.

Any business can join for free and when they do they receive a welcome pack that covers a range of free cyber security services and products from different sources. They are then invited to have a free conversation to better understand the cyber security posture and to see if we can help any further.  We have also engaged with universities across the UK to utilise their specially trained cyber students, overseen by our experienced security team, to support our members with a range of services to help with risk reduction, from training to vulnerability assessments.

Joining is simple and only requires a few details to enable us to send you a free information pack that includes resources designed to improve your online security, from checklists to Incident Response templates, there's something for everyone.

Download yours here www.secrc.police.uk/free-information-pack.