Cyber security is a growing problem. In the last two months alone, some of the world’s biggest corporations have been hit by the worst cyber-attacks ever seen. But what’s the risk to an SME and where should it sit in their long list of other business priorities?
At the recent East Midlands Chamber cyber security conference and expo, John Unsworth, Chief Executive of the London Digital Security Centre, stated that more than half of all crime is now cyber related – yet only 1% of policing budget is spent tackling this issue.
Fortunately, user behaviour and the right technical controls can mitigate much of the risk. This is good news, but is only as effective as the person in charge of its implementation.
Let’s walk through some common business perceptions about cyber security.
“This doesn’t affect us – we have nothing of interest”
All information is high value. Small or large, all businesses retain sensitive data and information, from financial records to their CRM.
Remember, if it’s important to you – it’s important to hackers too.
“We’ve never had an issue before”
Research by the Federation of Small Businesses (FSB) shows that two thirds of SMBs have been the victim of cybercrime between 2014-2016.
Those who haven’t been hit are in the minority and attack figures are climbing fast.
“We don’t have the budget”
Cyber security doesn’t necessarily mean investing in expensive software but there are some key do’s and don’ts.
Make sure software updates and patches can run, preferably set to automatic. Recent attacks targeted these vulnerabilities to infect computers and networks worldwide.
Avoid using out of date systems, such as Windows XP. This platform is no longer supported or updated by Microsoft and is therefore especially at risk.
Recognised by the UK Government as the most comprehensive cyber security standard, and affordable, seven out of eleven steps to the IASME standard are company policy based decisions.
“We have higher priorities”
The dilemma? This is a global priority.
Those in breach of new rules under the General Data Protection Regulation (GDPR) risk fines up to 4% of global annual turnover and are now required to report any breach to the Information Commissioner Office (ICO), including any affected customers.
“We haven’t got the expertise”
This is by no means limited to an SMB problem. It’s industry wide and perceived to be hard.
A number of free resources can be sourced from the National Cyber Security Centre – both for individuals, and organisations of varying size. Increasing education and awareness is proven to reduce risk – humans are typically the weakest link. Visit www.ncsc.gov.uk for further information. Businesses can also undertake Cyber Essentials certification or as part of IASME, to provide assurance to customers and demonstrate their commitment to cyber security.
Outsourcing can help your business fill gaps where internal knowledge falls short. However, it’s important to work with a trusted supplier. Ultimately, your business will still own the risk and the impact of any attack.