data security

Data breaches occur because SMEs make the easy mistake of assuming it “won’t happen to us.” But what happens when it does happen to you? SMEs are often a prime target for cyber criminals, so the effectiveness of your cyber security measures simply cannot be overlooked.

Cyber criminals are just like us – they’re human and they usually choose the path of least resistance. So, because smaller businesses often invest less in effective security measures, they can be easier targets for hackers.

In January 2019 it was reported that one in five small businesses (20%) said they’d experienced a cyber-attack in the last two years. This number has since risen, in line with the COVID-19 pandemic and rise in remote working, which has allowed scammers more opportunity to trick and deceive.

We’ve listed below 7 specific reasons SME’s need to prioritise data security NOW. Read on to discover what they are and our quick tips on how to improve your security and minimise risk…

1. Increase in remote working practices

Many of us have been working remotely since the initial lockdown in March 2020, whilst some may be returning to remote working recently following the second national lockdown. Either way, remote work is now very much the norm. Whilst working from home is reported to improve overall employee satisfaction and productivity, you also need to be aware of the additional risks – you now have less control over how employees use devices, what devices they use, the security of their internet connection etc. You can find out more about all the potential risks of remote working and how to minimise them by downloading our free guide here!

2. Compliance

Complying with privacy and data protection regulations is more complicated than you might think and failing to comply (even if it is an innocent oversight) could leave you with a hefty fine. This is especially true since the new GDPR regulations were brought in in May 2018 – you need to be aware of these changes and ensure you have the right systems in place to comply with them. To avoid fines, you need a structured and detailed compliance plan that covers everything from staff training to the security systems in place. There is never an 100% guarantee that a data breach won’t occur, but you should have every measure in place to prevent it. Plus, GDPR sanctions are much lower if you can prove your data was properly encrypted.

3. More vulnerable to ransomware attacks

A ransomware attack occurs when a cybercriminal locks down business devices and encrypts their content, demanding money in exchange for returning your data. What makes ransomware attacks even more daunting is that there’s no guarantee cyber criminals will give your data back once you’ve paid, leaving your business in a very vulnerable position. Shockingly, according to Beazley Breach Response Services, 71% of ransomware attacks target SMEs as opposed to larger firms, meaning you must have effective data security measures in place.

4. The cost of a data breach could be detrimental to your business

Before choosing whether to prioritise data security, you need to consider whether you could afford not to. The average cost of a cyber breach to small businesses based in the UK was £11,000 in 2019, although it can be a lot more. For example, Kansas-based car dealership, Green Ford Sales, lost $23,000 when hackers managed to infiltrate their system and add nine fake employees to the company payroll, paying them within 24 hours before anyone noticed. In total, they paid out $63,000 but only some of the transfers could be cancelled in time, meaning Green Ford Sales were left $23,000 out of pocket. In fact, Cyber Crime Magazine report that 60% of small businesses go under within 6 months of a cyber breach. Part of what makes SME’s such a target to cyber criminals is their reluctance to invest in substantial data security measures. What SMEs need to weigh up is whether the cost of effective IT security is worth the risk of a data breach. Are you prepared to risk your business failing because of a cyber breach or are you ready to invest in adequate cyber security measures to protect it from doing so?

5. Scammers will adapt quickly to changes in tech

For most cyber criminals, hacking businesses is a full-time job, which means they have lots of time to research and stay on top of industry trends (much more time than you do!) Technology is an everchanging industry that won’t slow down – even in the midst of a pandemic, which is why it’s so important to stay on top of things and make sure you know the latest threats and how to protect yourself from them.

For example, artificial intelligence is increasingly being used by hackers to trick employees into granting access to confidential info. In the same way that artificial intelligence can be used for good (smart home devices, Google maps, Amazon recommendations etc.) it can also be used for malicious purposes. As such, you need to ensure you have the right security measures in place, as well as access to technology experts who can advise on the latest threats.

6. The risk of personal devices

If employees are using personal devices for work purposes, they likely won’t have sufficient security measures in place. For example, standard antivirus software is not effective enough to manage business related data. Additionally, if employees use a public WiFi connection for business purposes, this could pose a significant risk to the security of your data, especially when making payments. As such, you need to have a strict IT security policy in place whereby you ensure that all devices and WiFi connections used are secure, particularly when working from outside the office.

7. Increased vulnerability due to COVID-19

The COVID-19 pandemic has put many things on pause, but not cybercrime. In fact, in April 2020, Cloudflare reported that online threats had risen by a least six times their usual levels over the past four weeks.

Over the course of lockdown cyber criminals have had more time to innovate and create new convincing, targeted scams. They understand that people are feeling vulnerable and confused in such unprecedented times and are taking advantage of that by implementing coronavirus-related scams. You can read more about the types of coronavirus scams that are circulating and how to protect yourself from them here.

As businesses are focusing on other COVID-19 matters (such as, remote working, employee wellbeing, cost cutting etc.), cyber security is often overlooked – leaving your data vulnerable and allowing cyber criminals to infiltrate your business. As such, you need to prioritise your data security NOW to minimise risk, save money and keep your data secure.

Next steps…

Now that you know how important it is to protect your data (no matter the size of your business), you need to know exactly how to do so… We’ve put together some quick suggestions below to help you to take steps to protect your data.

  • Enrol all your staff in cyber security awareness training to ensure they have the skills and knowledge to recognise and avoid potential threats
  • Introduce access control, whereby access to data can be allowed or restricted for certain employees (you can do this with Microsoft Intune, which we’ve written about here)
  • Implement effective antivirus software with high detection rates to maximise your security
  • Protect your data with a fully managed firewall
  • Introduce multi-factor authentication to add an extra layer of protection to your passwords
  • Ensure all security software, apps, systems and devices are always up to date
  • Establish an IT security policy that is regularly reviewed and amended in line with industry trends
  • Seek advice from IT support and technology consulting specialists who can offer cyber security solutions that are tailored to your business and its goals (we can help with this! Get in touch today to find out more)

Please note that no method is 100% secure in itself and we recommend a multi-layered approach to cyber security to minimise risk as much as possible. Get in touch today to find out more about how we can protect your SME from threats and maximise data security.