British Chambers of Commerce figures reveal that 20% of businesses have been hit by cyber crime in the last 12 months. While large firms are usually the targets, SMEs are also extremely vulnerable, says Steve Nelson, Operations Director of Calibre Secured Networks Ltd.
Cyber crime is deadly and on the rise, and SMEs are in the sights of those criminals who inhabit a dark and dangerous digital underworld. Data from 2016 indicates that cyber breaches cost from £35,000 to £180,000 for small businesses. This might sound slight, but it could sound the death knell for hundreds of small businesses existing on a financial knife-edge.
So why are SMEs vulnerable? Cost is an overriding concern – large corporates are able to invest in the latest, bespoke IT security solutions while SMEs often do not have the capital or resources for these. Consequently, they might lack the policies and procedures to protect their people and systems. Neither can they afford to train their people to the level necessary to deal with sophisticated cyber risk.
But of course, it shouldn’t have to be this way and there are some basics that SMEs can implement, many of which revolve around people and processes. It’s also about educating employees before even touching the technology. While no one should ever deserve to be hacked, almost daily incidents of poor practice highlight that people are always the weakest link and employees need to know that security matters.
Simple tips include making sure that passwords are not left lying around and that strong passwords are adopted company-wide. Anti-virus software must be kept up to date, and basic encryption products should be used. Training can help: employees can be shown how to spot phishing e-mails and better manage the web presence, and issued with some basic system configuration do’s and don’ts that will all help.
Administrative access to your systems should only be granted to select individuals. This can help limit exposure and the amount of damage a hacker can do if they are able to break into an unprivileged account. Similarly, keep sensitive data, like payroll, out of the hands of anyone who doesn’t need it to do their job.
The clock is also ticking for SMEs when it comes to tightening up their cyber protocols. The General Data Protection Regulation (GDPR), which comes into force in May 2018, will strengthen and unify the safety and security of the information held by an organisation. This regulation, coupled with the Cyber Security Directive, will see a further requirement for compliance for all UK businesses, forcing them to adapt, or even adopt new approaches to, the way they tackle both data and cyber security issues.
It will be incumbent upon business owners and managers to make sure that personal data is reasonably protected and an individual’s privacy protected. The Cyber Security Directive will require providers of ‘critical’ digital services such as energy and banking to instigate ‘appropriate security measures’ relating to the detection and reporting of search engine and cloud computing breaches.
The internet is essential. Like any environment there are some safety rules. Protection doesn’t have to cost the earth and can actually enhance your future prosperity. SMEs should not be bamboozled by corporate spin or taken for a ride with substandard products wrapped in jargon. Rather, they should be helped along the way if they are to defend themselves properly. After all, knowledge is power.
A good IT partner can help you manage your online presence in a safe, secure and compliant way. Check that they hold ISO 27001 among other relevant accreditations, but also consider their experience in these matters; it always counts.