Contractors, are you keeping your limited company safe with these cyber-security steps?

It's no surprise that businesses of all sizes have seen a significant increase in cyber-attacks and data breaches over the last three years, writes Nadia Kadhim, co-founder of IT security advisory Naq.

You’re not at risk, right? Wrong

Since March 2020, businesses have reported a 31% increase in cybersecurity incidents, while 41% of small and micro-businesses across the UK have fallen victim to cyber-attacks over the last 12 months.

As a freelancer or contractor, you may think that you're not at risk of becoming a target for cyber-criminals. After all, you don't have the same amount of data or assets as a larger company.

However, smaller businesses are more likely to be attacked than their larger counterparts, partly because criminals know that they often have fewer resources and are less likely to have robust security measures in place.

It’s hard to remember a time when the contract sector was more in hackers’ crosshairs

So in wake of hackers recently targeting a contractor conglomerate, plus an umbrella company, and amid fears about the cyber security-resilience of contractor recruitment agencies, how should limited company directors protect themselves and their business from cyber-crime?

Here, exclusively for ContractorUK, and ahead of our partner Integro Accounting’s free but security expert-led webinar on staying cyber-secure as a contractor, let’s explore the ways to keep your and your customer's data as safe as possible. Even if the cyber-security threat is rising exponentially.

Secure your connections, including the ones in your home

While remote working is likely nothing new to you if you're a contractor, one of the most important things you can do to protect yourself and your business from cyber-attacks is to ensure that your connections are secure.

If your home is your primary work location, then begin by changing the standard issued password received from your internet provider. While some of the default passwords issued with your Wi-Fi router may look long, unique and secure, anyone with access to this information can easily access your network, change passwords, and potentially access your files.

For an additional layer of security, you should always use a Virtual Private Network when connecting to the internet. This is particularly important if you're connected to an unsecured Wi-Fi network such as those found in libraries, cafes and co-working spaces.

A VPN encrypts your internet traffic, making it more difficult for cybercriminals to intercept or hack your data. In addition to this, a VPN can also help to mask your IP address, making it more difficult for criminals to track your online activity or locate your physical address.

Contractors, there are many different VPN providers available, so be sure to research to find one that best suits your needs.

Keep an eye on all of your devices

If you use your personal mobile device, such as a smartphone or tablet, for work purposes, it's important to have a Mobile Device Management system in place.

An MDM system gives you the ability to remotely manage and control access to your devices and the data stored on them. This can include installing and managing apps, setting password policies, remotely wiping devices and managing user permissions.

While more commonly used by larger businesses to manage their employee's devices, an MDM system can be a valuable tool for any freelancer or contractor who relies on their mobile phone or multiple devices for work purposes.

If one of your devices is lost or stolen, a device management system can ensure that your and your customers' data remains secure by remotely wiping the device and locking it out of further use.

Quick-wins?

Contractors, it may sound obvious, particularly if you work in IT, but get serious and even regimented about backing up your data regularly.

In addition to preserving your files should your device suddenly crash or lose power, regularly backing up your data can make it much easier to re-access your valuable information if your device is infected with ransomware.

Ransomware is a type of malware that can lock you out of your device or files unless you pay a ransom.

In almost all cases, there is no guarantee that paying the ransom will give you access to your data. Regularly backing up your files means you won't lose any critical information or work even if your device is infected.

While there are many ways to back up your data, we recommend a reputable cloud storage provider (such as Dropbox or iDrive), which have built-in encryption and automatic backup features to ensure your data is kept safe and regularly uploaded to the cloud.

Keep stock of all your accounts and services

As a freelancer or contractor, it's likely that you have a range of different devices, programmes and services that you rely on to carry out your work.

A new client could mean installing additional software, signing up for a new service, or creating an account with yet another communication tool, all of which can quickly add up to quite a medley!

It's essential to keep track of all the different assets that you rely on for work and any associated passwords, usernames, and contact information for customer support. Creating an Account Map -- a list of all your open accounts and services - will quickly highlight all of the places where you're currently storing data.

Once you have a clear overview of all your work-related accounts, you can start to think about which ones may pose the most significant risk to your cybersecurity and put measures in place to protect them, such as 2FA, or close them down altogether if they're no longer in use.

Carry out incident response exercises

As well as putting the necessary systems and processes in place to protect your limited company business from a cyber-attack, it's also essential to have an Incident Response Plan in place for when the worst happens.

Your plan should include actions like:

• identifying who to contact in the event of an incident;
• which devices need to be isolated from your network;
• what data needs to be preserved; and
• how you will restore any lost or damaged data.

Contractors, if you're working with particularly sensitive data, you'll also need to consider whether any potential data breaches need to be raised with the Information Commissioner's Office.

The most essential part of your Incident Response Plan is practice, practice, practice. In other words, an actual security incident should not be the first time your plan is put to use. Set out some time to go through a ‘test incident,’ note precisely what happened, which accounts or documents were compromised, and what steps you took to resolve the situation.

Penultimately, remember that small isn’t somehow immune

Cybersecurity should be at the top of mind for any freelancer or contractor, no matter how small your business may be. By following the advice in this article, you can help to ensure that your business is as protected as possible from the ever-growing threat of cyber-attacks.

You can contact us to find out more about keeping yourself and your client's data secure or to schedule an incident response exercise so you can be prepared if the worst happens.

Finally, do you fancy some tailored cyber-security support?

At the very least, consider that us - Naq - are industry-leading cyber security experts and in partnership with Integro Accounting, we are hosting a FREE 30-minute webinar on how to keep your contractor business cyber safe. You’ll get the inside track on how to prevent a cyber-attack, and you can open a Q&A session with our technical team to put your own company-specific queries.

To reserve your place at the online event, scheduled for Wednesday 4th May – 13:00 – 13:30pm, follow the link: FREE Cyber Security Webinar.