Cyber security – small businesses are aware of the current threats – yet why are they still not taking steps to address this?
The instance of cyber threats is increasing, and it is now frequently reported in the news. Talking to businesses recently they say they are all aware that the threat is increasing, but yet they are still not taking the first steps to secure their businesses. If you knew there had been a spate of burglaries in your area, you would make sure you had locked your doors and windows, or even added additional security measures.
With this is mind I asked a few businesses why they felt there was a gap between this awareness and action to put preventative measures in place. Some of these are included below:
“I’m too small to be a target…
…. this only happens to the large organisations in the news.”
The majority of breaches (80%) are not targeted but are opportunist. So the reality is at some point, without implementing the basics of cyber security – small businesses will be at risk of suffering a cyber security incident.
Small businesses , though, can also be part of a targeted attack because they are part of the supply chain for larger companies. They may provide a less secure route to enable cyber attackers to gain access to the more secure larger entity. The Target breach, where 40m customers card details were stolen, was through one of their suppliers. The hackers targeted an air conditioning company who had a portal into Target’s network. Once in, they escalated privileges, meaning they could access which ever areas they chose, until they were able to steal card data from the POS devices.
The government has warned that small professional companies, such as accountants and solicitors, could be targeted and used as part of a lateral attack to gain access to their client’s information.
“I don’t want to pay for a problem that is not of my making…”
Unfortunately, with the convenience of the internet comes the inconvenience of having to secure your systems. You now have access to a world of information and connections, but the reverse of this is they also have access to you, unless you secure your business against unwanted intrusion.
We don’t think twice about locking our doors and windows when we leave our homes or businesses, and may also take the extra precaution of having a burglar alarm fitted. By securing our business against cyber threats we are effectively locking the doors and windows. Secure systems are a deterrent to the opportunist cyber attackers, in the same way that a burglar alarm is. Unless you are their specific target, they will move on to an easier opportunity.
“I have a limited budget and this does not enhance my revenue…
…..but I also know that the cost of a cyber breach could be far more expensive.” The cost of a cyber breach is two fold. It includes the cost of getting your business up and running, and also the knock on effect of reputation damage, this could cost you your business.
Implementing the Government backed Cyber Essential scheme could costs as little as £295 and protects against 80% of common cyber attacks, how much is all the hard work you put into building your small business worth?
Cyber Security – small businesses – next steps
There are some simple steps you can take to protect your business against 80% of the most common attacks, and start you on your journey to securing your business.
Firstly, make cyber security your priority as a business owner. It needs to be addressed, and the business owners need to take responsibility for getting this done.
Educate your staff about the current threats and how to avoid them. There are some useful tools on line on the governments Get Safe on line website, or organise a lunch time workshop with your staff.
Do the basics and implement Cyber Essentials. These key 5 controls are simple to implement and make sure you do the basics, they are effectively good housekeeping. Not having these in place leaves you vulnerable to 80% of the most common cyber security threats.
> Start now! Need Cyber Essentials Certification in a hurry?