In light of the recent cyber ransomware attack which affected businesses and organisations around the world, UK firms are being encouraged to protect themselves against the risk of crippling cyber-attacks and malware. Below we outline some of the key ways in which you can protect your business. Getting the basics right Checking for updates to computer operating systems is crucial: installing the latest security patches from the program vendor and ensuring that automatic updates are switched on can help protect your devices from unwanted viruses and malware. Those using unsupported operating systems may prove to be more at risk, so it is recommended that businesses only use systems that receive regular security updates. Ensure that your business has a reputable antivirus program installed on any devices belonging to the company, and make sure that this is kept up to date. Running your antivirus software regularly can help to identify any malicious viruses in your systems, and will often provide an option for removing the infection. It is also strongly advisable to refrain from clicking on links or attachments in suspicious emails, as these can direct users to scam websites or install destructive viruses onto your device. If you are unsure about an email, simply delete it. This message should be relayed to all members of staff. The Federation of Small Businesses (FSB) recently urged firms to consider obtaining cyber protection insurance, and to make sure that any essential data stored on devices or computers is adequately and regularly backed up. Taking a risk management approach Businesses should seek to adopt a risk-based approach, in line with the following key stages: Consider the risks It is important to consider what your business stands to lose in the event that it falls victim to a cyber-attack. Finances, equipment, information and even your reputation could potentially be affected or damaged. Consider the many forms a cyber-attack could take - these include malware in an email, a loss of equipment, or attempts to deceive via an email phishing attack. Plan ahead Businesses should identify their most critical assets and have contingency plans in place so that, in the event of a cyber-attack, the business could continue to operate. It is also advisable to consider any legal or compliance obligations your firm might have. Implement the appropriate security controls You must put in place crucial IT protection systems and consider outlining responsibilities and best practice to your staff. Review your processes Putting in place a process for regularly reviewing your firm’s cyber security measures is essential. To stay one step ahead, make sure that you keep up-to-date with information on the latest cyber threats. Where can I find out more? The government-backed National Cyber Security Centre (NCSC) website contains useful information for both businesses and individuals on how to protect against harmful cyber-attacks and stay safe online. Visit www.ncsc.gov.uk for more information. Meanwhile, the government’s Cyber Essentials scheme provides information on the ‘basic controls all organisations should implement to mitigate the risk from common internet-based threats’. Details on the initiative and how it may be of help to you can be found here.