According to latest figures from the annual Barclays Hopes and Fears Index of SMEs, 41% of them cited the threat of cyber attacks as one of their top three fears for 2018.
The news comes on the back of SMEs becoming increasingly positive about technology, with 48% believing that the availability of better technology will have a positive impact on their growth during 2018, as opposed to 37% who believed that a year ago.
Cyber-attacks can cost organisations thousands of pounds and cause lengthy periods of disruption, damaging trading as well as reputation. A loss of company and client data could see businesses fined under data protection laws, which when the new General Data Protection Rules (GDPR) come into force in May 2017, are set at up to 4% of turnover or 20 million Euros.
If you don’t have security measures in place or a plan for what you would do if your customer database was stolen, your website was forced offline, or you couldn’t access your email or business-critical data, you are putting your business at risk.
One of the first steps you can take is to carry out assessments and implement processes such as those set out in the Government-backed Cyber Essentials and Cyber Essentials Plus schemes.ITPS
Cyber criminals don’t just attack banks and large companies, they target any organisation that is not properly protected, exploiting basic weaknesses in your IT systems and software.
So what can businesses do to prevent attacks?
One of the first steps you can take is to carry out assessments and implement processes such as those set out in the Government-backed Cyber Essentials and Cyber Essentials Plus schemes.
Cyber Essentials has been developed by Government and industry to help organisations put in place the basic controls to mitigate the risk from common internet-based threats. It addresses the most common threats, specifically those that use widely available tools and require little skill. The scheme considers these threats to be:
– hacking – exploiting known vulnerabilities in internet-connected devices, using widely available tools and techniques
– phishing – and other ways of tricking users into installing or executing a malicious application
– password guessing – manual or automated attempts to log on from the internet, by guessing passwords
Since 2014 Cyber Essentials certificates have been mandatory for suppliers of Government contracts which involve handling personal information and providing some ICT products and services.
Cyber Essentials is not a silver bullet that will remove all cyber security risks. It is not designed to address more advanced, targeted attacks, and organisations who face these threats will need to implement additional measures, but it is a sound starting point on the road to becoming GDPR compliant.
Our cyber security experts can guide you through a clear, step by step process designed to help protect your business. Give us a call or come along to one of our regular security briefings to find out more.