How to stay safe online

Business insurer and TOG member Tapoly offer tips on protecting your business from cybercrime

As founder and CEO of business insurer Tapoly, Janthana Kaenprakhamroy is committed to help companies avoid unnecessary complications.

Be aware 

Cybercrime is estimated to cost small businesses a staggering £4.5billion each year, with the average cost of a single attack sitting at £1,300. And incidences are on the rise. Many larger businesses with the right specialist skills, resources and infrastructure may be better able to recover faster than smaller companies. But, regardless of your size, it's more important than ever to be aware of the dangers your business may face online.  

Know your enemy 

Cybercrime comes in many forms, all with the aim of causing destruction and eliciting money. Common examples include phishing – emails or text messages sent to seek out confidential information; malware – infected software shared via an email attachment or fake software installation; ransomware – malware designed to block access to vital systems until a ransom is paid; baiting – using incentives to lure people into compromising their security; diversion theft – getting users to send information to the wrong recipient; and scareware – typically a pop-up saying that a user’s security is out of date or that they have malicious software on their PC. This scares the user into visiting a malicious website or persuades them to buy non-existent products. 

Do a risk assessment  

There are some simple steps you can take to increase your resilience against cyber attacks. It's worth conducting a risk assessment to help identify any weak points and avoid future attacks. Get a sense of the value of your data and assets and then understand how their safety could be compromised. Is your infrastructure sound? What channels are most likely to be compromised? Record these findings and review your risk status on a regular basis. 

Protect your passwords  

Pay close attention to passwords, too. A robust password policy and two-factor authentication process will help keep data and systems secure. The general rule is to have a different password for each account. You can be as creative as you like – as long as you can remember the password! Normally, passwords should be at least eight characters or more in length and have a combination of upper and lower case letters with at least one number and a symbol.  

Update your software 

Regularly install software updates and keep anti-virus software up to date. It may sound like common sense but according to a 2019 report by the Federation of Small Businesses, 35 per cent of small businesses hadn’t installed security software for at least two years and 40 per cent do not regularly update their software. But make sure software updates are legitimate. Fake updates are often promoted in the form of software pop-up ads, alerts claiming that your device is contaminated, or an unexpected request for your information. Don't trust email alerts for updates or let any programme have access to your devices or update your browser. Make sure that you actually know what software is installed on your system, particularly when it comes to anti-virus software.  

Explore insurance options  

You can also investigate insurance policies, such as cyber breach cover, which can help uncover the source of the security breach, protect valuable data, let any customers or clients know they may have been affected, and support anyone whose safety has been compromised. It is important to check what your cyber insurance policy actually covers as this may differ from one provider to another. However, in addition to the cyber insurance policy, it would also be wise to consider business interruption insurance, which provides cover for your downtime if you have to close your business due to any unexpected incidents.  

Janthana Kaenprakhamroy is founder and CEO of business insurer Tapoly