Not a day goes by without the announcement of another cyber attack on a major business somewhere across the globe. From the Sony hack to Target, these attacks have caused significant damage to the organizations involved. Given the widespread media coverage of these major incidents, it is easy to assume that cyber attacks are confined to large multi-national organizations. In fact, many business owners are shocked to hear that more than half of the cyber attacks on businesses in the UK were targeted at smaller businesses.
This is perhaps compounded by the fact that over 25% of small businesses consider themselves to be too small to be of interest to a hacker. The truth is quite the opposite: almost 60 per cent of small businesses in the UK suffered an attack in 2016, and this number is likely to grow as attacks become more frequent and complex in nature. Furthermore, the impact of such an attack on a small business could be considerable, ranging from theft of information through to fines if there is any loss of personal data.
So if you are in the process of starting up a new business venture, or if you are an existing business looking to enhance your firm's computer security posture, it is imperative that you consider some measures to defend your business against cyber attacks.
The question we are often asked is: why are small businesses so attractive to hackers? The reason is the relative ease with which their computer security measures, assuming there are any, can be breached. Furthermore, many small businesses conduct business with larger organizations and can, therefore, offer cyber criminals access to those organizations' networks through their own IT.
This allows the cyber criminal to exploit the access provided to the small business to gain access to the systems of larger businesses. These types of incidents are extremely common, and examples include the TalkTalk incident, which cost the company significant damage including a record fine of GBP 400K and major reputational damage.
Why are SMEs vulnerable to attack?
Due to the size and scale of their ventures, small businesses have very different priorities when compared to larger businesses. More often than not, maintaining cash flow and developing new business leads and opportunities take priority over cyber security.
Because teams in these operational environments are often resource and time constrained, taking the time to develop and write security policies for the business can seem like a complete waste of time. Furthermore, many small businesses, for one reason or another, do not take computer security seriously.
One major problem is the lack of a basic education in computer security. The range of technology solutions available for businesses is extensive and is now far more cost-effective for small businesses. However, it's often the people within the organization who are the weakest link in the chain. Most research on cyber incidents indicates that the attack occurred as a result of a human error.
So what can small businesses do to improve their defenses against cyber criminals?
There are many ways a small business can defend itself against potential cyber attacks. For example, it's estimated that approximately 41% of small businesses have a secure Wi-Fi router. Therefore, the chances are that you need to password protect your company's Wi-Fi. We have also provided a number of other potential options that businesses might want to consider to enhance their security:
1. Utilize systems such as anti-virus, firewalls and encryption
It is important to ensure that you are using and, most importantly, maintaining your firewalls and anti-malware/anti-spyware tools. Commercial anti-virus software provides an efficient and cost-effective way for organizations to improve their security. New anti-virus software solutions can be licensed to a number of devices and managed centrally. As updates are released, the manager can ensure that each and every device is updated. This presents an ideal way for a small business to rapidly improve its computer security.
2. Conduct a review of your assets and potential risks
It is important to take the time to conduct a thorough analysis of your company's assets to determine which assets, both physical and digital, are critical to your business. This will allow you to identify any critical systems and data and to consider the potential threats and vulnerabilities, which vary depending on the sector your business is in. As a small business owner you can then develop a plan to protect those assets and look at how you could continue to do business in the event of an attack.
3. Ensure that you back up your data
It is vital that any business, no matter what the sector, has a backup plan for its data. This has never been easier, with cloud services providing a reliable and cost-effective offsite backup solution for small businesses. A cloud-based disaster recovery plan can help to get your business back on track quickly. However, it's important to remember that you should encrypt your files before uploading them to the cloud for extra protection.
4. Implement Access Controls
Access to important data should be restricted within your business and granted to only a select number of individuals. This can dramatically limit the amount of damage an attacker can do if they gain access to an unprivileged account. For example, access to any sensitive data within the business, such as financial or payroll data, should be restricted to those individuals who need access for their role.
5. Security Awareness Training
One of the key steps to secure your business is to provide security awareness training. This is particularly important given that the majority of incidents are caused by human error; over 70% in recent studies. Security awareness training provides an ideal method to help develop secure behaviors amongst your staff and can cover anything from physical security, such as leaving doors or windows unlocked, to accidentally divulging your password. It is imperative that your staff receive training on password management and the safe use of email. This also includes those staff who are operating remotely. Spending time educating your staff on the potential threats will significantly enhance your computer security posture.