What to do if your small business experiences a cyber attack

All businesses are at risk of cyber attacks - and small businesses can be hit particularly hard by them. In this guide, myhrtoolkit's Chief Technology Officer, Kit Barker explains what a cyber attack is, how to prevent them from succeeding, and what to do if an attack is successful.

What is a cyber attack?

The term cyber attack covers a broad range of activities, such as phishing in all its guises, viruses and malware, and denial of service attacks. Essentially, any electronic or computer-based criminal activity targeted towards your business constitutes a cyber attack.

The scale of the issue

A UK Government survey from March 2020 suggested that 46% of UK businesses reported cyber-security breaches or attacks between 2019 and 2020. And unfortunately, that figure is not going down.

How can you protect your business from cyber attacks?

How can you protect your business from cyber attacks

While no defence is perfect, there are some simple steps you can take to greatly reduce the risk of falling victim to, and reduce the impact of, a successful cyber-attack.

This isn’t an exhaustive list by any stretch, but these four things will make your business a much harder target for cyber criminals:

1. Create a security conscious culture

Top of the list is investing in people, before investing in software and hardware. Your employees can be either one of the strongest defences against cyber-attacks, or the weak link in the chain, as attackers can use social engineering scams to get confidential information.

Employees can reduce the risk of an attack being successful and reduce the impact of any successful attack. There isn’t much hardware or software that can have such a significant effect on your security.

Unfortunately, this is one of the most difficult steps; it requires significant input and takes time. You can watch my webinar on this topic if you’d like to find out more.

2. Implement a robust backup procedure

You may have noticed that I said, “backup procedure” rather than just “backup”. Most of us are aware that backing up our data is a good thing, but it’s easy to get backup wrong.

Robust backup is not just a fire-and-forget solution to be installed. Moving from storing files on your computer to using a cloud storage solution can be a good step, but it is not a backup solution.

More detail on backing up your business data, including tips for developing a good backup strategy, read my post: How and how often should your business back up its data?

3. Good password management and MFA

With so much of our business data stored in a plethora of online services and systems, protecting access to these is critical. Even in 2021, with the news littered with details of breaches and leaks, we still find that the most common password in use is still “123456”. Ensuring that your users understand what strong passwords are (and of course use them) is critical.

But even with strong passwords, your accounts are at risk from breaches and leaks. Multi-factor authentication (MFA or sometimes 2FA) offers a big increase in account security and should be used on all accounts that provide it.

For more information, read our article on good password security, policy and practices.

4. Anti-malware hardware and software

A good firewall on your network, and solid anti-malware software are an essential part of protecting your business from cyber-attacks. For most people reading this article, this step is the most likely to be left to someone else – probably in your IT department. However, it’s still worth been aware of it and asking questions about the hardware and software in place.

Just like backup, hardware and software are generally not fire-and-forgot solutions and need to be well maintained and kept up to date if they are to be effective.

What to do if you fall victim to a cyber attack?

What to do if you fall victim to a cyber attack

With roughly one attack against UK businesses occurring every 46 seconds, while you’ve been reading this article your business will likely have experienced multiple attacks against it.

Fortunately, most will have been low-level, speculative attacks, such as mass-mailed, poor-quality phishing, or a simple network probe. You probably won’t even notice them.

But as mentioned, even with all the protective steps above in place, you could still fall victim to a cyber-attack. As they say, a defender needs to be successful 100% of the time, but an attacker only needs to succeed once.

If you do fall victim to a successful attack, what should you do?

Don’t panic, but move quickly

The most important thing to do is stay calm and not panic. Having a security conscious culture will help users come forward quickly if they make any mistakes that lead to a breach, and this is exactly what you need here.

Diagnose the issue

The actual response to the attack will depend entirely on the attack, so you need to find out exactly what has happened. Did someone install malware? Have they entered their login credentials on a fraudulent site?

While you’re working out what has happened, it is important to gather as much evidence as possible. This means keeping things like logs files and emails and collecting statements from affected users as soon as possible.

Free HR resources sign up banner

Implement the fix

As with the diagnosis phase, the fix will depend entirely on the type of attack. Whatever the fix is, it’s worth not taking any half measures. Err on the side of caution. For example, if you think there’s a chance someone’s credentials are breached, change them. If some might have installed malware, restore their machine from a known good backup.

Learn from the attack

Once the dust has settled, it’s time to reflect on what happened and how it can be prevented from re-occurring. Like burglars, it’s not unusual for cyber criminals to revisit their successes.

It is important that you focus on improvement here and not laying blame. It’s likely that an individual may have been responsible, but that doesn’t mean it’s their fault. Were they rushing due to overwork? Had they had sufficient training? Think honestly and critically about the reasons and address them.

Report it to the authorities

Finally, while conviction rates for cybercrime is very low, you still need to report your attack to the relevant authorities. In the UK, this can be done via the Action Fraud website.

There are many great resources online (apart from this article!) about how to protect your business, and the National Cyber Security Centre is up there with the best.

Stay safe out there!

Read more from the myhrtoolkit blog

Hybrid working: what are the security implications?

Why should you choose an ISO 27001 certified HR software provider?

Picture of Kit Barker

Written by Kit Barker

Kit is myhrtoolkit's Chief Technology Officer and a company director for myhrtoolkit who leads the technical team in developing the system. On our blog he shares specialist knowledge and tips around data security and company culture.

Free Data Migration
free data migration
Unlimited Free Support
unlimited free support
3 month MOT
3 month MOT