Cyber Security and Data, Key Takeaways for Small Businesses

Black Arrow Cyber Consultancy and the Office of Data Protection Authority take us through how to stay safe online

In this second session of Global Entrepreneurship Week, we explore the requirement and key considerations for small businesses when it comes to data protection and cybersecurity. This session began with a lighthearted slideshow from the Black Arrow Cyber Consulting team, Tony Cleal, Bruce McDougall and James Martel. Black Arrow is a Guernsey-based cybersecurity consultancy using its accumulated expertise from a wide range of different security fields and robust knowledge of countermeasures and technology solutions to provide cybersecurity advice.

Their presentation was based on the ten myths of cybersecurity, a fun look over damming opinions when it came to protecting your data from intruders. Our favourites were,

  • Myth 4 'I have a firewall and anti-virus! I'll be fine.'
  • Myth 9 'I have cyber insurance! I don't need to worry about it.'

And finally maybe the most dangerous opinion of all,

  • Myth 10 'It won’t happen to me!'

Tony explained that most businesses large or small will not survive a cyber incident. The combination of loss of money, customers and suppliers, and connections with banks can be too much and cause the company to fold. Tony also emphasised that the trust lost from customers has a large effect on a company after an attack, as customers will tend to shun companies who do not guard data, and will not have a kind eye if their data is stolen! 

"Write your own privacy policy, make protecting people's data a privilege, not a burden and build that trust with your customer base."

Tim Loveridge from the Office of the Data Protection Authority

Many incidents come from within companies, with a whopping 63% of data leaks being attributed to human error. According to information gathered over the last two years by Tim Loveridge from the Office of Data Protection Authority. Tim warned these stats are only from recorded instances and due to lack of reporting, there may be many more!

Local businesses can find support from the Office of the Data Protection Authority.  They offer a wide range of resources and some free support that can be found on their website.

Tim's top advice was 'write your own privacy policy, make protecting people's data a privilege, not a burden and build that trust with your customer base.' He hopes to dissuade from a copy and paste attitude to policy writing and emphasised that using this ideology to build trust with your customer can boost your businesses success. 

An insightful Q&A provided us with some great takeaways from Tim and the team at Black Arrow.

Top tips to apply to your business!

1) If your data is stolen or threatened to have been stolen, stay calm and think it through! Panic clicks are often the cause of an attack escalating. Try and get some proof that the breach is real and be sceptical of emails demanding money and investigate any issues. If in doubt, contact a company that specialises in data protection for support. 

2) 'Bad guys' as Tony calls them, are very agile and will always try new things and drop tactics that don’t work and this makes it very hard for the good guys to keep on top of the current threats. Just because we live in Guernsey does not mean your data is safe! A low physical crime rate does not convert to a low online crime rate. Black Arrow uses a 'honey pot' filled with pretend data left defenceless to gather the latest information what sort of attacks are being used and how they’re evolving. These honey pots get 10 million attacks a month!

3) You can often catch internal fishing scams by looking at the speech patterns. Hackers can get into personal email accounts, monitor them for months waiting for the opportune moment to craft a meticulous email often looking like it’s from someone you could already be conversing with! Bruce told of an experience he had where the fake email that he received was signed off in an unusual way that his colleague never did, that way he knew it wasn't from him.

4) Adopt 2-factor authentication for better security, and when you are travelling use a paid-for VPN and do not connect to free wifi to do any important work or banking. 

Read more about data and security for small businesses


You May Also Be Interested In


Eagle Lab and Digital Greenhouse accelerator launches


Local entrepreneurs ready to accelerate their business to the next level


IP for small businesses