The myth that small and medium-sized enterprises (SMEs) don’t face a threat couldn’t be further from the truth. For a hacker, SMEs are seen as easier targets as they believe less is being done to protect data. This data might be information about clients, customer details, bank details or it might be a way into one of your customers’ systems where you are linked through e-commerce, by email or in some other way.
A report from PWC commissioned by the Department for Business, Innovation and Skills confirmed that 74 percent of SMEs reported a security breach. However, only seven percent of small businesses expect information security spend to increase in the next year.
Not all threats are external. In fact, many cyber-related losses suffered by UK SMEs come from within, for example, when employees deliberately misuse data. Sometimes the damage is unintentional, for example, when an employee accidentally corrupts valuable data.
Ransomware affects both SMEs and individuals alike. Hackers are intelligent – they do not ask for millions from their victims but instead ask for a sum of money that is significant but acceptable to most people. Arguably, it might be easier to target many SMEs and demand relatively small payments, than target a large conglomerate and ask for a huge bounty.
The weak point is the user who clicks on links in emails or opens attachments. This is when the vicious circle begins. Before paying the ransom to get back to “normal” operations, just remember there are many groups out there who will share your information. The evidence that you are willing to pay will quickly be passed around to other similar groups.
Brexit or no Brexit, the issue of cyber-security for small businesses is made even more pressing by new European regulations aimed at protecting customer data. The EU’s new General Data Protection Regulation will come into force in 2018 and could result in companies being fined up to €20 million, or four percent of their annual turnover, whichever is greater, for allowing any security breaches to compromise their customer data.
Taking all of this into consideration, here are some basic steps that SMEs can take to better protect themselves:
Keep software updated: Download software and app updates as soon as they appear. They contain vital security upgrades that keep your devices and business information safe. Many instances of hacking have relied on businesses not staying updated with software patches.
Make passwords stronger: Use strong passwords made up of at least three random words. Using lower and upper case letters, numbers and symbols will make your passwords even stronger. You could also consider using a password generator. Why not develop a company policy on strong password practices?
Be vigilant with emails: Delete suspicious emails, as they may contain fraudulent requests for information or links to viruses. Unsolicited emails often contain attachments or hyperlinks (particularly shortened links); many phishing attacks attempt to trick you into opening a file loaded with malware or visiting a site which runs malicious scripts on your computer.
Install anti-virus software: Your computers, tablets and smartphones can easily become infected by small pieces of software known as viruses or malware. Install Internet security software like anti-virus on all your devices to help prevent infection. Don’t settle for free or ‘lite’ versions but go professional; spend a little bit of money, it’s a wise investment.
Train your staff: Make your staff aware of cyber-security threats and how to deal with them. Most security issues are based on ignorance, not malicious intent. Assume staff don’t know all the answers and give them an environment to learn.
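The password tip above (at least three random words, optionally mixed with case, numbers and symbols, ideally produced by a generator) is easy to turn into a small tool. The following is an added example written for this page, not code from Sampson Hall or from the report cited above. It assumes a tiny constructed wordlist purely for illustration; a real deployment would load a large published list (the EFF long list has 7,776 words), because the strength of a passphrase depends directly on the size of the list each word is drawn from.

```python
import math
import secrets
import string

# Constructed sample wordlist, for illustration only (32 entries).
# Assumption: in practice you would load a large, well-known list such as the
# EFF long list (7,776 words) from a file; the entropy figures below scale with
# the list size, so a toy list like this one gives deliberately weak output.
SAMPLE_WORDLIST = [
    "anchor", "basil", "cobalt", "dune", "ember", "falcon", "garnet", "harbor",
    "ivory", "juniper", "kestrel", "lantern", "marble", "nectar", "orchid", "pebble",
    "quartz", "ripple", "saffron", "timber", "umber", "velvet", "willow", "yarrow",
    "zephyr", "beacon", "cinder", "drift", "glacier", "meadow", "summit", "tundra",
]

# Use the operating system's CSPRNG; random.Random is not suitable for secrets.
_rng = secrets.SystemRandom()


def generate_passphrase(word_count=3, wordlist=SAMPLE_WORDLIST, separator="-",
                        capitalise=True, digit_count=2):
    """Return a passphrase of `word_count` random words from `wordlist`.

    Implements the 'at least three random words' advice. One word is
    capitalised and a few digits are appended so the result also satisfies
    the common 'mixed case plus a number' complexity rules many systems enforce.
    """
    if word_count < 3:
        raise ValueError("policy requires at least three words")
    words = [_rng.choice(wordlist) for _ in range(word_count)]
    if capitalise:
        idx = _rng.randrange(word_count)
        words[idx] = words[idx].capitalize()
    phrase = separator.join(words)
    if digit_count:
        phrase += "".join(_rng.choice(string.digits) for _ in range(digit_count))
    return phrase


def passphrase_entropy_bits(word_count, wordlist_size, digit_count=0):
    """Entropy in bits, assuming every word and digit is chosen uniformly.

    Each word contributes log2(wordlist_size) bits; each appended digit
    contributes log2(10) bits. Capitalising one word is ignored here, so the
    figure is a slight underestimate.
    """
    return word_count * math.log2(wordlist_size) + digit_count * math.log2(10)


def meets_policy(passphrase, min_words=3, separator="-", min_word_len=4):
    """Check a passphrase against a simple 'at least three words' policy.

    Splits on the separator, strips any trailing digits from each token and
    requires every remaining token to be an alphabetic word of a minimum length.
    """
    tokens = passphrase.split(separator)
    words = [t.rstrip(string.digits) for t in tokens]
    return len(words) >= min_words and all(
        w.isalpha() and len(w) >= min_word_len for w in words
    )


if __name__ == "__main__":
    phrase = generate_passphrase()
    print("generated:", phrase, "policy ok:", meets_policy(phrase))
    print("bits (3 words, 32-word list, 2 digits):",
          round(passphrase_entropy_bits(3, len(SAMPLE_WORDLIST), 2), 1))
    print("bits (3 words, 7,776-word list):",
          round(passphrase_entropy_bits(3, 7776), 1))
```

The entropy function is the useful part for writing a company password policy: three words from the toy list give only about 15 bits, whereas three words from a 7,776-word list give roughly 39 bits, and each extra word adds another 13 bits. Those numbers make it clear that the size of the wordlist and the number of words matter far more than sprinkling in symbols.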
Sampson Hall has an Organisational Cyber Awareness Programme with a board-level cyber briefing to ensure the proximity of the threat and the risk involved is fully understood at the highest levels. The briefings allow informed decisions to be made so that the issue is assigned to the right people in an informed and appropriate manner, ensuring business leaders understand the entirety of the cyber risk: what should be transferred, what should be mitigated and where the remaining risk should be held.
This is followed by a human cyber audit using Sampson Hall’s Gordian Model. The Gordian Model is a gap analysis tool; the cyber audit is conducted online using designed and targeted cyber statements, and it can be easily tailored to suit any organisation.
The Gordian Model assessment is repeated in six to twelve months following any intervention to measure the distance travelled by the organisation. Our learning and development interventions include a top quality bespoke digital induction programme to ensure all staff, contractors and suppliers are aware of the cyber threat and alert to social engineering, phishing and scamming threats and conform to the cyber policy.
Please contact us on 0844 848 9594 for further information on any of the human or technical solutions we have on offer.