A survey of members of the Federation of Small Businesses (FSB) has revealed that small businesses are carrying the cost of cyber crime, and are collectively attacked seven million times a year – costing the UK economy an estimated £5.26bn.
This cost to small businesses is disproportionately greater than the cost to larger businesses when adjusted for organisation size.Two thirds of small businesses have been a victim of cyber crime in the past two years. On average, those affected have been victims on four occasions.
There is clearly a lot of potential to improve cyber security in smaller businesses. According to the FSB survey, only a quarter of smaller businesses have a strict password policy, only 4% have a written plan of what to do in the event of a cyber attack, and only 2% hold a recognised security accreditation such as ISO 27001 or the Cyber Essentials Scheme (government led).
What should small businesses do to protect against cyber threats?
Small businesses can become more secure by achieving and following a recognised security standard such as ISO 27001 or the government’s cyber security scheme.
Small businesses should also ensure they have adequate protection in place in the form of firewalls, anti-virus, email security, and that their workstations, applications and servers are all patched and updated on an ongoing basis.
Many small businesses do not have the resources internally to ensure that all systems are secure, and all personnel are following security best practices.
Engaging with an outsourced IT partner (MSP) gives small businesses access to experts who will be able to consult on security best practices, implement more secure solutions, and manage IT systems (i.e. enforcing password policies, blocking suspicious emails and web traffic, etc.).
An outsourced IT partner provides your business with all of the skills you need to ensure you are secure and protected, so you don’t have to worry about finding technical people to secure your systems in-house.
Don’t assume your business is below the radar and won’t be targeted. Cyber criminals can target anyone in the world, FROM anywhere in the world. They’re always looking for targets and will not hesitate to attack once they’ve identified a vulnerability. Many criminals use automated tools to scan for vulnerable systems, so you don’t need to be a well known name to be a target.
SMEs can also be targeted as part of an attack on a larger organisation if the SME is potentially a weak link that will gain the attacker access in the larger organisation’s security environment.
Key security questions for SMEs to consider:
- Is the responsibility of IT security assigned to a named individual in your organisation?
- Do you know which systems are critical to your business and which ones pose a security risk?
- Is loss or leakage of customer data a threat to your business?
- Is IT downtime a threat?
- Is data dispersed across your business (i.e. across servers, email files, desktops and online systems), or is it held centrally in a secure place that is backed up to multiple locations?
- Are you taking advantage of the cloud? It may be more cost effective for you to back your data up to the cloud and take advantage of advanced security features offered by your hosting provider.
- Are your employees cyber aware and following good security behaviour? Many cyber attacks target your employees – who can unknowingly fall into a trap which results in a successful security breach (i.e. falling for a phishing email, spoof website or not using secure passwords).
The potential impact of a cyber attack on your business:
- Theft of customer data
- Theft of funds from business bank accounts
- Unavailability of IT systems
These three potential outcomes from a cyber attack could all potentially result in going out of business. At the very least, your reputation would be damaged causing financial losses. Depending on the severity, you could also face legal action in some sectors.
It’s not worth hoping you’ll fly under the radar. At some point your business WILL be targeted. Ensuring your business is adequately protected from cyber attack is an extremely worthwhile investment.
Your checklist for choosing an IT Support partner
Ensure you’re asking the right questions to find the right IT partner for your business.
Not all IT support companies are the same. If you want to find one that’s proactive and works to improve productivity in your business whilst reducing risk, you need to ask the right questions.
Download this checklist and ensure you partner with a company that will add value.