CORONAVIRUS: For information about how your business could be affected and the help that we can provide at this time, please click here.

Are you prepared for a Cyber Attack?

More than 50% of British firms reported cyber attacks in 2019, and on average there is a hacker attack every 19 seconds in the UK. Many small businesses believe they are too small to be targeted, so don’t have cyber security in place. However, just like a house without a burglar alarm, an organisation without cyber security is more likely to be targeted by criminals, regardless of size. So what security measures can you put in place to protect against a cyber attack?


Secure your internet connection with a firewall

A firewall creates a buffer zone between your IT network and other external networks, meaning that incoming traffic can be analysed, and access denied if necessary. Most laptops come with a personal firewall as part of the operating system, but if you are using lots of different devices, you may want a boundary firewall which protects your entire network. Check with your internet provider first, as your router may already contain a boundary firewall.


Choose the highest level of security for your devices & software

Check the settings of new devices and software, as manufacturers often set the default configurations at the lowest level of protection to make them easily connectable and useable. The first thing you should do when using a new device or software is disable or remove any functions which you do not require, and set up password protection. For certain software and accounts you may wish to set up two-factor authentication. This is a process by which for example in order to login from a computer you have to input a time-limited code that is sent to your phone.  You should also make sure that you are always using the most up to date versions of software and apps, as these will have been protected against the latest malware threats.


Ensure that staff only have access to functions they need for their role

We all trust our staff, but everyone can have an off day, or suffer a burglary or robbery that separates them from their work phone or laptop. Making sure that staff only have access to the functions they need for their specific job role means that you minimise the potential damage when an account is misused or stolen. You should of course always deactivate staff accounts and revoke access to any shared software or accounts as soon as they leave your employment.  It’s……………….. a shame Rebekah Vardy hadn’t thought of that!


Guard against malware & viruses

Malware and viruses can infect your computer through your staff opening an infected email attachment, browsing a malicious website, or using a USB drive that is infected with a virus. Clearly user caution is advised as your first line of defence, but your operating system may also have an anti-malware measure which you can activate. You can also utilise whitelisting which prevents users from downloading and installing software without administrator approval. Another protective system worth investigating is sandboxing, where each web-connected application is run in an isolated environment with little access to the rest of your network, keeping your files safe.


What is the most important thing you can do to prevent a successful cyber attack?

As hinted above, the most important line of defence in any cyber attack is your staff. Make sure they are fully trained on avoiding phishing and other threats, and that they understand how to keep their devices and data safe and secure. For example, earlier in the year we published a blog about recognising HMRC phishing emails which your staff may find useful.


How can you reassure your customers that you’re prepared for a cyber attack?

If you are dealing with sensitive data (or if you are bidding for public sector contracts where cyber certification is a requirement), you might consider becoming certified by the National Cyber Security Centre. They offer two levels of certification, Cyber Essentials, and Cyber Essential Plus. The first is based on self-certification, and the second includes verification by independent experts. Find out more about these certifications here:



It goes without saying that here at E R Grove we practice what we preach! So you can rest assured that we have a full level of protection against cyber attacks. As new threats develop, we will continue to update our protection so that we can keep your data safe and secure.