The high street, having already suffered a dramatic decrease in popularity, has struggled to return to pre-COVID sales figures, but is showing some signs of improvement. When non-essential shops were forced to close during lockdown, consumers were forced online.
For some SMEs this was devastating for their retail outlets and businesses. However keen entrepreneurs were driven to adjust their businesses to survive this crisis and technology became their saviour. According to the ONS Monthly Business Survey for May 2020 online retail for all sectors rose by 19.7% in May compared to April 2020, for many reaching this market was the only way to save their businesses. A staggering 85,000 stores appearing online in the three months to July 2020. However, business owners are being urged to review their online presence considering security issues posed with ecommerce trading.
ILUX, a leading IT systems, support and service company has been looking at the potential implications of inexperienced company owners launching their online presence. James Tilbury, managing director comments: “The pandemic and the lockdown has been the biggest pressure any company owner is likely to ever face. Even with the government support available, many would not have survived this time without shifting focus and identifying what can be done to save their business. Ecommerce offers endless opportunities, nationally and even internationally, to grow your business from a small shop or two, to a profitable and effective online store. But it does not come without risks.”
Worryingly, 32% of SMEs have been the target of cyber scams or malware with half of 5,000 SMEs surveyed by Sage, worried about their business being at a bigger risk since going online. However, only 6% would be investing in additional security.
ILUX, after reading these statistics, have realised some small business need some IT education. The company has produced some top tips to improve online security – for some immediate peace of mind. As a small business, the reputational and financial impact of a situation like a data breach will be destructive for a business, no matter how stable you think you are.
UNDERSTANDING DATA THAT SHOULD NOT BE SHARED
As a smaller business you may be working with just a few members of staff, but it is essential that they know what data is sensitive and what should not be shared. Training your staff could prevent internal data breaches, especially when it comes to GDPR (UK-GDPR from 2021). If your ecommerce site is hosted on Shopify, this data would be protected and should not be downloaded or shared.
SECURITY PROTECTION AND UPDATES ON LOCAL COMPUTERS
Although this is common sense, it is disturbing how many companies have out-of-date and even obsolete security software on their local computers. All anti-virus and malware software should be updated regularly. If a company has multiple devices in various locations, owners should set a reminder to ensure staff are checking for updates and make sure all software, when installed, is set to perform them automatically. Invest in trusted and quality products, you will get what you pay for, using a free platform when you are handling personal data is not recommended.
Encrypt all your sensitive data at rest and in transit. Use of encryption allows only those with access to decrypt the contents of the file that has been converted using a special “key”. This means that even emails which are sent to other parties with personal data in them, or when you are uploading shipping address details to couriers, they are safe from anyone trying to intercept the data.
Cyber Essentials is a simple but effective, Government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber-attacks. Certification gives you peace of mind that your defences will protect against most common cyber-attacks – simply because these attacks are looking for targets without Cyber Essentials technical controls in place.
As mentioned above, updates are essential for all software. Consider two-step verification too – to provide that extra layer of security. Encourage your staff to update localised passwords frequently – monthly is acceptable. Educate staff on identifying harmful emails – do not follow links or enter account information on anything received in an email. Ensure all networked passwords are secure and impossible to predict – change them regularly and only allow single person access per machine. Audit your systems regularly, and where you can, use external sources to review and monitor the company systems – the extra set of eyes can make all the difference.
James continues: “Online security should be risk assessed at the earliest convenience. If a small business owner has rushed to complete their transition to online, now is the time to sit back and analyse how robust those systems are. It is not as simple as logging into a Shopify account for instance – careful consideration is essential for all devices – whether that is PCs, laptops, tablets, and even mobile phones that handle any data. A customer data breach could be a costly exercise for the business – not just the financial implications, but this could become legal and involve larges fines for the business. Either way it will be detrimental to the business’ reputation. I would advise that all SMEs who are now selling online to bring in an external, professional and specialist set of eyes to overhaul your systems and protect you for the future.”
Businesses who have delved into ecommerce – and are concerned about the systems that have in place – are welcome to contact ILUX – they will be able to discuss the minimum requirements and offer some insight and support. Simply visit www.ilux.co.uk.