Think of all the information you use in your business. Chances are nearly all of it is electronic – your website, emails, accounts, CRM and payroll information are probably all stored electronically, either in your office or somewhere in the cloud. 

Now, what would happen if you suddenly lost it all? What if you found someone had deleted it all, or encrypted it so they can charge you a fortune for the decryption key? 

What would you do? Could you get it all back? How long would it take? And could your business survive the disruption? 

The reality of cyber attacks 

While this may sound like a nightmare, cyber attacks like these are becoming more and more common. They're now the fifth largest global threat (just behind data fraud), and no business can afford to just sit and hope it doesn't happen to them. 

"But mine is just a small business?" I hear you say. "Why would they attack me?"

Quite simply, because they can. Most cyber attackers aren't doing it to make a profit. They simply want to cause as much disruption as they can, knowing the business they attack will suffer significant downtime, financial losses, and damage to its reputation. 

Unfortunately, even the best defences from your IT department or service provider can't keep them at bay if your employees are letting them in the front door. It could be opening that 'phishing' email and unknowingly installing a virus, giving their ID and password to the 'person from IT' on the phone, or even accessing the office network from a laptop over an unsecured wi-fi connection. 

Which is why you need to teach all your employees about cyber security and how to avoid falling for these traps. And you need to have regular training sessions to keep them up to date on how to defend themselves from the latest methods of attack. 

What your employees need to know 

Your employees should know how cyber attacks happen, particularly in light of "social engineering" attacks – phishing emails, phone calls asking for login information, etc. This teaches them what to look out for, and how they can stop the attackers in their tracks.

They should also know what to do in these situations (especially if they accidentally do something wrong), and how to report them. 

You may want to arrange random 'tests' to see if your employees know what to do. For example, have someone pretending to be from the IT department ask for personal information. Do they report it, or do they give up the information? 

Educate your employees about scanning USB devices (ideally on a standalone computer) for malware and viruses before opening any files on them. 

What you can do 

You can also help your employees follow safe IT practices to minimise the chances of an attack. 

Give all employees with laptops access to a Virtual Private Network (VPN) service and show them how to use it. This will stop attackers 'eavesdropping' on their information if they're using an unsecured wi-fi connection. 

Encrypt the hard drives of all laptops. This will prevent the information on them being accessed if the laptop is lost or stolen. 

Have your IT team set up a policy that forces all users to choose strong passwords (i.e. using upper- and lower-case letters, numbers and symbols), and change them every month. 

Make sure all computers are running anti-virus and anti-malware software, and that they are kept up to date. 

Stay vigilant, stay safe 

The reality is that your business will never be safe from cyber attacks. But educating your staff, and giving them the tools to defend themselves, will greatly reduce the chances of your business becoming the attackers' next victim.