The cost of cyber crime is high, both in terms of the immediate financial loss and the productivity that is impeded by downtime. It is therefore important for organisations to do everything they can to protect themselves.
The problem facing many SMBs is that they do not have the resources to pay for expensive security systems or to revamp their entire IT infrastructure.
However, this shouldn’t put anyone off from improving their cyber security. There are plenty of affordable options. The most important thing, and the most cost-effective solution, is to ensure that you are getting the basics right. Small changes can make a huge difference.
As Ciaran Martin, CEO of the government’s National Cyber Security Centre, has said: “Most successful cyber-attacks are not that sophisticated, but can cause serious commercial damage. By getting the basic defences right, businesses of every size can protect their reputation, finances and operating capabilities.”
To beat cyber criminals, business owners need to lead from the front.
They need to:
- Thoroughly research the topic
- Be bold with decisions and strategy implementation
- Commit to seeing their strategy through to its completion
- Be passionate so their employees follow their example
The main barrier to better cyber security is a mixture of reluctance and complacency from business decision-makers. Where resources are tight and other priorities may seem more immediate, it is understandable that some SMBs are reluctant to change. However, senior management need to understand the severity of threats and the need to act now.
Sadly, many have learnt the hard way. In the last year, the number of businesses that have suffered data breaches has doubled, rising to 46% of all UK businesses. Do not put off making the necessary changes, as it may only be a matter of time before your business is attacked.
Without strong leadership on these issues – and a shift away from the “it won’t happen to me” attitude – nothing will change until it’s too late. Strong leadership is required to drive and sustain the necessary cultural shift.
Better education – cyber crime
Staff training is essential. It only takes one employee to be careless for one second to:
- click on a malicious link
- fail to update their password
- leave their laptop on the train.
Recent research shows that only seven in ten businesses provide their staff with guidance on password strength, and only one in five provide any cyber security training.
When it comes to training, focus on the basics:
- The importance of strong passwords
- How to spot suspicious emails
- How to avoid suspicious websites
- Why you should download software updates and patches
- How to spot and then report data breaches
Technology is one answer to the problem of cyber security, but it is not the only answer. Without training, human error can make technology redundant.
But, when it comes to the tech, there are several areas that small businesses should look at, including the following:
- Installing and/or buying security software
- Using the most up-to-date version of operating systems and software
- Buying software only from reputable sources and accredited partners
- Moving to the Cloud
- Talking to third-party security service providers
When it comes to the basics, protect your machines and network by installing basic security software, including a firewall, antivirus protection, spyware and malware protection. Using software that has stopped being supported by the company that created it is a huge risk, as was seen with the ransomware attacks.
While it might not be the right option for every business, for many, moving to the cloud can really improve their security set-up. Many cloud services have excellent security measures in place, taking much of the burden off your shoulders. What’s more, with a cloud environment, you will automatically receive rolling updates on the software you use.
Led from the boardroom and C-level, security planning needs to take the form of a stringent and calculated strategy that results in procedures for employees to follow. Procedures need to be standardised, well-defined and rolled out company-wide.
They should include the following:
Eliminate human error by automating processes as much as possible.
Ensure your data is systematically backed up. Include anything that is critical, for example:
- financial records
- client data
- employee data
After an attack, you need to be able to quickly and securely retrieve your backup data. Test your recovery processes regularly.
It is important that procedures are in place for reporting breaches and cyberattacks, with GDPR coming into play in 2018.
Having good permission management procedures in place will alleviate internal threats.
Ensure that all devices meet strict security standards – secure passwords, device onboarding and constant compliance monitoring. Do you have protocols in place about which devices can and cannot be used, and which sites and applications are forbidden?
To keep up with the ever-changing threat, training must be an ongoing process.
Cyber Crime – Better support
Enlist the help of a third party that specialises in IT security services.
Trusted partners can send IT technicians and engineers to examine your IT systems and processes and determine where your business is vulnerable. They will recommend the services and training required and be there to help you every step of the way.
Government research indicates that although 68% of small businesses have acted on five or more of these 10 Steps to Cyber Security (see box below), only 6% have taken action on all of them. This research comes from the government paper published in April 2017, just months before the WannaCry ransomware attacks.
Although this data doesn’t give us an indication as to how the situation has changed since the attack on the NHS, it indicates just how poorly protected many businesses were only a matter of months ago.
Are you ready to save your business?