March 18th, 2015
It’s not just major businesses and organisations which need to put the emphasis on cyber security. A new report from government initiative Cyber Streetwise has shown up the risk to SMEs. The warning is that many companies are risking both revenue and reputation by failing to secure key data.
The internet and the growth of digital technology have brought enormous benefits to small businesses and helped them to expand. But, in taking advantage of these opportunities, it is also vital to be aware of responsibilities regarding security.
In the survey, 22% of firms questioned said they didn’t even know where to begin to improve protection of their information. However, the good news is that help is at hand. By taking a number of simple steps, you can make sure your business is safe online and stop hackers from costing you time and money.
What Are the Risks – and the Myths?
Cyber-attacks have been in the news recently, with headline-grabbing incidents such as the major attack on Sony Pictures. Looking at these stories, many SME owners wrongly assume it is only larger businesses which are at risk. In fact, however, smaller enterprises are becoming a bigger target than ever and, according to the new report, they may be risking almost a third of their revenue as a result.
Cyber Streetwise found in its research that two thirds of SME owners thought their business was not likely to face attack. Worse still, more than three quarters of the companies surveyed believed at least one of the myths surrounding online business safety. A worrying 22% of respondents assumed hackers would never target small firms, while 26% thought only firms receiving online payments were vulnerable.
It is true that payment software does tend to be a target, but other data can also be tempting to hackers. There’s a danger that small businesses may be regarded as a soft target because they often have a lot of information stored on their servers, but without the safeguards and encryption which are standard practices for larger companies.
As a business owner, you need to be aware of different types of threats which may exist. This includes the possibility that former employees or commercial rivals may target your systems to get hold of information. There could also be potential for spammers or cyber-criminals to harvest email addresses and other valuable data.
What Can You Do to Combat the Threats?
Small businesses can take steps to combat cyber-crime and improve security. Here is a brief look at some of the most vital areas which an SME owner needs to consider.
Look at How Your Business Could Be at Risk: Just as you carry out risk assessments for your premises, it’s important to do the same for all your IT-based assets and information. Firstly, consider what data you have which needs protection and where it is held. This includes data stored on your own machines or “in the cloud”.
Next, look at how this data could be at risk, considering different types of threat, ranging from physical theft of computers, USB sticks or mobile devices to cyber-hacking of your systems. Networking with other small companies in your area or your commercial sector is essential here, meaning you are aware of any attacks on others and can act to protect your own business against similar threats.
Act to Secure All Your Business Data: Assess the security measures which are in place to protect your data. Also look at who has access to your data and ensure they have the right training and awareness. If you are using third-party services, or employing freelances and contractors, check they are treating your information with the same care as staff working in your offices.
It’s important to make sure that anti-virus and anti-malware systems are in place and regularly updated, and that your network has the right security controls in place. You also need to manage user privileges to ensure that access is only available to staff who need it. Use of mobile devices should be restricted and any data held on these needs to be encrypted as an added level of protection.
Regularly Review your Cyber Security: Once you are happy that your data is adequately protected, it is also vital to keep this whole area under constant review. You need to re-examine your security measures regularly to see if any changes are needed, including user access, as staff join, leave or change their roles.
Getting Advice and Help
Expert advice and help on cyber security are available from official Government websites, including the Cyber Streetwise initiative and the Department for Business, Innovation and Skills. Organisations such as the Federation of Small Businesses can also advise you, together with local business organisations. Networking with other businesses is one of the most valuable ways of getting advice, as you can discuss with them what safeguards they have put in place.
Basepoint helps businesses by offering IT support and providing the latest technology. It also organises seminars and networking events, while the unique MiBase support service for licensees makes free mentoring and advice available round the clock. This means you can quickly get help with any worries you may have, including cyber security issues.