There can be no disputing the fact that technology has a growing role to play in organisations of all sizes. But, with this increased interconnectivity and reliance on digital networks, comes a mounting risk of cyber security threats that have the potential to cause more disruption to businesses than ever before. The consequences of such cyber attacks are often even more destructive for SMEs, who fear they cannot afford specialist expertise or high-spec encryption to safeguard their infrastructure. So what can SMEs do?
Understanding the landscape
Having a genuine understanding of the ‘digital dangers’ that exist, is one of the first crucial steps for modern businesses.
Allianz recently identified cyber crime as the number one risk to UK SMEs in 2017, and with the recent opening of the National Cyber Security Centre in London, the government seems committed to combatting such attacks. Yet small businesses continue to be naïve about the threats they face, with figures from Juniper Research showing that 74% of SMEs think they are safe, even though half of those surveyed have previously suffered a data breach.
A report from the Federation of Small Businesses emphasises the dangers of such complacency, revealing that smaller businesses are attacked seven million times a year. The FSB reports that despite 93% of SMEs taking measures against cyber threats, 66% have been attacked in the past two years, adding up to more than £5 billion in costs to the UK economy.
Acknowledging the risks
If appropriate cyber security measures are not implemented, sensitive information stored by SMEs can be targeted by hackers in seconds using sophisticated viruses or phishing. This means data such as clients’ or customers’ personal details, is at risk. There has also been a reported increase in the use of malware to completely take over control of organisations’ computer systems.
The consequences for SMEs who fall victim to such cyber attacks can of course vary. However, the implications often include financial losses as a direct result of the breach, not to mention the cost of repairing the damage and any legal penalties that may be imposed for failure to comply with the Data Protection Act. Security breaches can also cause irreparable reputation damage, with real potential for a loss of custom due to negative publicity. The topic can therefore no longer be ignored.
How can SMEs stay cyber-secure?
Despite the challenges posed by cyber threats, there are several simple actions that SMEs can take to protect their data and systems.
- Understand and manage the risks
Being aware of the issues and risks is the first step to making cyber security improvements. Proactivity in identifying where data vulnerabilities are and where defences should be implemented is vital to ensuring sensitive information is protected. As simple as it may seem to set up strong passwords and delete suspicious emails, these basic actions help lay the groundwork for cyber-secure business practices thereafter.
- Provide education and training
While extensive security training can be expensive for small businesses, there are useful and freely accessible Government resources available, including a ‘Responsible for Information’ training course specifically designed for SMEs. Human error is widely cited as a weakness in even the most sophisticated cyber security systems, so spreading organisation-wide awareness of both the risks and good practice, is essential.
- Choose a safe storage option
There are debates surrounding the security of cloud storage, with many questioning how secure the services on offer really are. However, if a reliable and professional service provider is chosen, cloud storage can be a great option for SMEs, with providers offering increasingly thorough security, including firewalling, encryption and threat detection.
- Invest in effective software
Prevention is better than cure in this case, and a small investment in anti-malware and anti-virus software will be more cost effective for SMEs in the long run, than the financial implications of a cyber attack. Additional intrusion detection as well as personal device encryption are also measures that SMEs should be taking to protect sensitive data, and prevent access to attackers through the ‘back door’.
- Report any breaches
The Juniper report shows that while 69% of respondents would immediately report a cyber breach, 18% might wait until the following day if they didn’t deem it a real problem. Any attack or breach should be immediately reported to ActionFraud by calling 0300 123 2040, and expert advice sought. A timely response will minimise damage and costs!
Find out more about how Q2Q’s proactive IT support can protect your business from cyber attacks, or, for an assessment of your entire IT infrastructure, please request a free IT audit.