Data breaches, hacking, malware, ransomware, viruses, phishing… you can’t avoid hearing about these nasties at the moment. It seems the world has become a scary place online and if you’re in business right now then you will have probably been warned about cyber security.
But does all this really affect your small or medium business? Or is cybercrime and cyber security just for large corporates and big companies to worry about?
Many SMEs think that it’s unlikely that they will be affected by the new threat to UK businesses but that might be very naive. If so far you’ve not taken these threats seriously, read on…
So are you at risk? And what should you do to protect yourself? NMG Consulting have given us a rundown.
What is cyber security?
The term cyber security is a relatively new one and one you’ll be seeing more and more. It’s becoming more likely that a business will be affected by a cyberattack than by a traditional robbery.
Cyber security is simply the act of protecting your data and sensitive information which you store online, on a server, or in a cloud.
Protecting your company’s sensitive and valuable information needs to be carefully considered and carried out and it’s not something you can hide from anymore. The threat is very real… especially to a small to medium enterprise. Smaller businesses are easier targets for hackers who want ‘low hanging fruit’ from businesses who don’t have the appropriate defences in place. They’re a lower risk alternative to the huge financial institutions.
How often do cyberattacks happen?
According to the World Economic Forum, cyber-attacks are now the third most likely global risk for 2018! They follow closely behind extreme weather conditions and natural disasters! Yes, we’ve created a monster. But just like acts of mother nature, you probably think, “It won’t happen to us”.
Cyberattacks are more likely to happen though. Extreme weather and earthquakes are very geographically based, whereas cyberattacks can affect anyone or everyone at any time, anywhere in the world.
Maybe one day cyberattacks will be the biggest threat to the world?
Am I too small to be bothered with?
It’s a common misconception that hackers only go after the big companies. We’ve all heard the news about the huge BA security breach or the more recent hack of the ‘View As’ feature on Facebook, which affected 50 million accounts.
So you might think that a one-man band in Basildon isn’t at risk because it’s not worth the bother, but it doesn’t work like that.
Business size doesn’t matter. All companies have something which could attract hackers and competitors, whether it is company data, personal data, or research and development. If you’re taking card payments, have login details, data on clients, or even just email addresses and phone numbers, you’re attractive to hackers. They carry out automated mass targeting and that could include you.
Start taking cyber security seriously. Your customers and supply chain do…
If you’re an SME then now is the time to start taking action to protect your business. The reputational damage from a cyberattack can cripple an SME and in many cases even put them out of business.
Imagine what would happen if:
- All your customers suddenly had loads of spam email from you.
- Your customers’ credit card details were lost or stolen.
- Your website was hacked and had malware embedded into it.
How would that look on your business? How much would that cost you financially and in reputation?
Since the introduction of GDPR, more and more companies are interested in how you store data, who you share it with, and what processes you have in place. Many businesses have processes in place to check your policies to ensure they stay compliant, and so can’t work with you if you don’t have them.
So what should you be doing in your small to medium enterprise?
- Risk assessment: Understand what to protect. Take proactive steps to understand the threats your organisation faces. By conducting a risk assessment, you can prioritise your activities by only focusing on high/medium risks.
- Supplier assurance: Outsourcing your IT, HR, Finance, or other areas of your business? Then you need to ask questions of your suppliers to make sure that they’re taking the right steps to be compliant, which helps you stay compliant in turn.
- Security awareness: You need to make sure that your team are fully trained, too. Having the latest technology to protect yourself is now not enough when your biggest flaw could simply be poor password management or storage of data by the humans around you. Do they know what’s expected of them and what’s permitted?
- Build a strategy: Much like you would plan what to do in the event of a fire, make sure you plan what you’ll do before, during and after a cyberattack. The strategy should be built to complement your business objectives and should focus on continual improvement too. Don’t bolt the door once the horse has bolted – get this in place as soon as you can.
- Get external verification on cyber security controls: Standards such as ISO 27001 are recognised around the world. They give your customers and clients a sense of comfort and confidence, demonstrate you’re not burying your head in the sand, and can give you a competitive advantage, too.
So what are the key cyber security threats to your small business?
You can protect yourself and your business against all of these so you’re not left vulnerable to attacks. Don’t get caught out with the third largest threat to the globe – get help and strategy in your business now.
If you need help, we’d be happy to advise you.
Contact us now and we’ll put in place some sensible, actionable advice and strategy to get your business safe and compliant in this wonderful but threatening digital age.