A survey of members of the Federation of Small Businesses (FSB) has revealed that small businesses are carrying the cost of cyber crime, and are collectively attacked seven million times a year – costing the UK economy an estimated £5.26bn.
This cost to small businesses is disproportionately greater than the cost to larger businesses when adjusted for organisation size.
Two thirds of small businesses have been a victim of cyber crime in the past two years. On average, those affected have been victims on four occasions.
There is clearly a lot of potential to improve cyber security in smaller businesses. According to the FSB survey, only a quarter of smaller businesses have a strict password policy, only 4% have a written plan of what to do in the event of a cyber attack, and only 2% hold a recognised security accreditation such as ISO 27001 or the government-led Cyber Essentials Scheme.
What Should Small Businesses do to Protect Against Cyber Threats?
Small businesses can become more secure by achieving and following a recognised security standard such as ISO 27001 or the government’s cyber security scheme.
Small businesses should also ensure they have adequate protection in place in the form of firewalls, anti-virus and email security, and that their workstations, applications and servers are all patched and updated on an ongoing basis.
Many small businesses do not have the resources internally to ensure that all systems are secure, and all personnel are following security best practices.
Engaging with an outsourced IT partner (MSP) gives small businesses access to experts who will be able to consult on security best practices, implement more secure solutions, and manage IT systems (e.g. enforcing password policies and blocking suspicious emails and web traffic).
An outsourced IT partner provides your business with all of the skills you need to ensure your business is secure and protected, so you don’t have to worry about finding technical people to secure your systems in-house.
SME Security Questions to Consider
Don’t assume your business is below the radar and won’t be targeted. Cyber criminals can target anyone in the world, FROM anywhere in the world. They’re always looking for targets and will not hesitate to attack once they’ve identified a vulnerability. Many criminals use automated tools to scan for vulnerable systems, so you don’t need to be a well-known name to be a target.
SMEs can also be targeted as part of an attack on a larger organisation if the SME is potentially a weak link that will give the attacker access to the larger organisation’s security environment.
- Is the responsibility of IT security assigned to a named individual in your organisation?
- Do you know which systems are critical to your business and which ones pose a security risk for your business?
- Is loss or leakage of customer data threatening to your business?
- Is potential unavailability of IT systems threatening?
- Is data dispersed in your business (e.g. across servers, email files, desktops and online systems), or is it held centrally in a secure place that is backed up to multiple locations?
- Are you taking advantage of the cloud? It may be more cost effective for you to back your data up to the cloud and take advantage of advanced security features offered by your hosting provider.
- Are your employees cyber aware and following good security behaviour? Many cyber attacks involve an employee in the process, who unwittingly falls into a trap which results in a successful security breach (e.g. falling for a phishing email or spoof website, or not using secure passwords).
What Would be the Potential Impact of a Cyber Attack on your Business?
- Theft of customer data
- Theft of funds from business bank accounts
- Unavailability of IT systems
Any of these three outcomes from a cyber attack could result in your business going out of business. At the least, your reputation would be damaged and you would also lose money. Depending on the severity, you could also face legal action in some sectors.
It's not worth hoping you'll fly under the radar. At some point your business WILL be targeted. Whatever it costs to tighten security in your business is a wise investment.