Five steps to stronger cybersecurity for your business

CyberSmart, expert in online security, brings you tips on how to keep your business safe from cybercrime. CyberSmart is available to Starling customers through the Starling Business Marketplace, the space in the app where customers can link to third-party products and services.

Many small businesses are aware of the threat posed by cybercrime, the term for criminal activity carried out on the internet or through technology. But when it comes to doing something about it, they can be less sure of what to do. For some, cybersecurity measures have a reputation for being costly, complex and confusing. The reality is though, you often don’t need expensive experts or the latest technology to improve your business’s cybersecurity.

Here are five simple steps that could dramatically improve your business’s cybersecurity.

1. Create a password policy

Most of us know the importance of creating strong passwords, but that doesn’t stop us from the unsafe practice of using the same one we’ve been using for years. We’re only human, after all.

And this problem is widespread. Research commissioned by CyberSmart from Software Advice, on the state of UK SMEs’ cybersecurity, revealed that 39% of small businesses surveyed use the same login credentials for multiple work accounts – offering an easy target for cybercriminals.

So what does a good password policy look like?

Start by using unpredictable passwords. We recommend using four random words, that are memorable but not easy to guess, in combination. Set up different passwords for each account you use – secure password management tools like LastPass are great if you struggle with remembering them. And use multi-factor authentication (MFA) wherever possible.

2. Regularly update software

Updating your software and operating systems regularly is the most time-efficient way to improve your cybersecurity. Even the best software becomes outdated or develops gaps and, when it does, cybercriminals can have an easy route into your business. All it requires is that you regularly check for any updates to the software you use. Or, for an even easier solution, simply turn on auto-updates in your device’s settings.

3. Develop clear cybersecurity policies

If you have staff, ensure that all security policies are clear and easy to follow. If you’re unsure where to start, check out our guide to policy best practices.

Alongside this, work to create a culture of communication where staff are comfortable asking questions. All too often, security mistakes are made because staff feel ‘silly’ raising their concerns, and so don’t mention them at all.

4. Educate your employees

It’s a simple fact: few people know how to identify a potential cyber threat, making them much more likely to fall prey to cybercrime. And your staff are no different.

The best way to beat this is through training. Training can help your people better recognise and understand the threats they face. Most importantly, it also gives them the tools to counter an attack – protecting your business in the process.

The type and level of training your staff need will depend on the knowledge gaps in your business. For some organisations, this means starting with the basics. For others, it means addressing specific weak spots in employee knowledge through more specialist training.

Training should follow a little and often approach. Little, because no one learns best by bombardment and often, so that your people get into the habit of thinking about cybersecurity regularly.

5. Use a tool to tie it all together

Finally, stay informed about your security through a tool such as CyberSmart Active Protect, available through the Starling Business Marketplace.

CyberSmart Active Protect aims to secure all employee devices that touch your company data. It monitors every device in your business 24/7, identifies risks and provides simple, jargon-free instructions for fixing vulnerabilities.

But, as we’ve outlined, prevention is about more than just technical measures so Active Protect goes further. It also features bite-sized training modules to help staff develop their cybersecurity skills, as well as a policy distribution tool to ensure everyone in your business has access to clear guidance.

Article updated: 18th October 2022