Last year, more than 1.4 million SMEs in the UK were affected by a cyberattack, costing the UK economy £8.8 billion overall. And with over half of the British workforce working from home due to the COVID-19 pandemic, making sure your business is in safe hands is more relevant than ever.
Since the beginning of the lockdown in the UK, more than 30% of SMEs have been victims of phishing emails, and almost half of those emails (45%) are related to COVID-19.
In this article, we will explore:
- What is ethical hacking?
- How it can help small businesses protect themselves from cyberattacks and hacking.
What is ethical hacking?
According to the Cambridge English Dictionary, a hacker is a person “who is skilled in the use of computer systems, often one who illegally obtains access to private computer systems.”
Now, imagine a person whose business is also hacking into private systems and data, but in order to keep them safe.
This is the ethical hacker or ‘white hat’ hacker: someone trusted by the company to attempt to enter the organisation’s networks and systems by carrying out penetration testing and ethical hacks, and who most times is a Certified Ethical Hacker.
Both have the same knowledge, but the difference is that the ethical hacker is on the side of the law (and the company).
An ethical hacker hacks a company using the same techniques as a malicious hacker would, in order to test the company’s cybersecurity measures and help improve them against real attacks.
Traditionally, hiring an ethical hacker was seen as something that only large corporations could do (and needed to do).
The value of identifying threats in advance
One of the ways in which companies are strengthening their cybersecurity is by hiring white hat hackers or ethical hackers.
Ethical hackers have a similar skill set to ‘black hat’ (malicious) hackers and are able to find vulnerabilities in your system via penetration testing and hacking into your system, with the difference that they can also advise you on how best to prepare to avoid these.
As threats become more sophisticated, companies need to look at other ways to defend themselves from these threats. In 2019, 60% of the companies hacked were medium-sized businesses.
The Cyber Security Breaches Survey report issued by the government also states that, despite this figure, the number of businesses identifying cyber security breaches has decreased since 2017.
Harman Singh, Managing Consultant at Defendza, explains the reasons why some SMEs fail to act on cyber security:
“Some SMEs have a lack of proactive approach towards cyber security to ensure it is an organisation-wide priority. They also don’t see compliance as a priority and they rely on the IT services provider to take care of security without involving a specialist skill set.
Several small businesses have experienced cyber attacks, and the majority of them are unaware. Digital revolution in recent years has exposed our professional and personal life, and it is essential that businesses are ready against potential threats.”
Keep your company safe from attackers
However, if hiring an ethical hacker is not in the cards for you, the National Cyber Security Centre (NCSC) provides guidance to organisations to ensure they use best practices to keep information secure.
Below we have listed four tips to make sure your data is in safe hands.
You can have the most sophisticated system in place, hire an ethical hacker, and install security applications, but unless your staff know good security practices, it’s not worth it. Training your staff is therefore key, as is making sure that they understand the real implications of an attack.
The UK Government offers free online training for small and medium-sized businesses that helps employees understand the importance of cybersecurity and also provides practical tips to help them identify threats.
2. Keep your devices safe
Smartphones and tablets are critical but vulnerable devices used by businesses. It’s vital to secure them because they could contain sensitive company data or provide a backdoor into the company’s network. The NCSC provides some tips for small businesses, such as keeping devices and their apps up to date so that the latest security update is installed on each device.
The NCSC also recommends training your staff in password best practices, such as choosing the right length and how to store passwords. Having a strong password is a must. Password management software can help with securing and storing passwords, keeping them in a digital vault.
As well as all of the above tips, it is also important to back up your data regularly. Backup software creates copies of the data that can be restored in case of a breach or a data loss.
The NCSC recommends keeping backup data separate from the computer and considering the cloud, as cloud storage keeps the data physically separate from the computer and also offers backup services at a lower cost, without having to invest in hardware.
Neil Hammond gives some tips to keep your company’s cyber security updated:
“Make sure that your staff is trained. There is plenty of material available to help with staff education, especially if it is done as “this will help you stay cyber-secure at home”.
Also, keeping software up to date is important because reputable suppliers regularly patch their software for vulnerabilities.
Finally, it is critical to keep good backups. A 3-2-1 strategy means having at least 3 total copies of your data, 2 of which are local but on different devices (for example 1 on memory stick and 1 on hard drive), and at least 1 copy offsite (and not connected directly to your main files).”