It’s all very well talking about expensive technical solutions and spending time on processes and policies, but ...
...if you’re a small business, you’re unlikely to have the spare time or the extra cash to splash on lots of cyber security. So, you’re going to be looking for the most affordable and effective ways to manage an issue that is fast becoming the number one headache for businesses of all sizes.
There’s no doubting that there’s a problem. A report earlier this year by Forbes: Cybersecurity in 2022 – A Fresh Look at Some Very Alarming Stats states that cyber attacks on small to medium sized businesses are becoming ‘more frequent, targeted and complex’. It quotes an Accenture study which found that 43% of cyber attacks are aimed at SMEs but only 14% have the right things in place to defend themselves. These statistics reflect the picture in the USA – but it is mirrored here in the UK, where problems like phishing and ransomware should be on every business’s risk register.
What impact does a cyber attack have on a small business? The most common impacts are:
- Significant reputational damage
- Potential ransom demands with serious financial consequences
- Damage to your IT assets and infrastructure
- Interruption to your day-to-day operations
- Insurance claims – particularly if you don’t have cyber insurance
- Regulatory issues, if you are supposed to meet certain standards for protecting your data
- Legal and civil claims for data loss or privacy issues.
For small businesses, these impacts can be difficult to recover from, and there’s a real risk that if your business is attacked by cyber criminals, it may not survive. In fact, a quarter of SMEs said they would not survive longer than a month if a cyber attack interrupted their ability to do business (InfoSec magazine), and in the USA, research shows that 60 percent of small companies close within 6 months of being hacked (CyberCrime Magazine). Research buy Datto, surveying 200 managed service providers in 2020, shows that two out of five SMEs have fallen victim to ransomware attacks.
What can you do right now?
We all need to take these risks seriously. Criminals are looking for easy targets, and SME businesses, sadly, present exactly the right opportunities. They have useful data, they are easier to compromise than robust international organisations, and they are more likely to pay up if a ransom is demanded.
Let’s start with five basic questions. If you can answer ‘yes’ to all of these, you’re in a pretty good position.
- Do you have endpoint security on all the laptops or PCs that your staff use, in the office or at home?
- Have you talked with your staff about their cyber security behaviour – for example, how they create and manage passwords, or protect company and client information?
- Do all your people know what to do if they click on a phishing link or find their PC acting strangely?
- Do you have a single point of contact to report an attack to?
- Do you know for sure that your security, including firewalls, antivirus and backups, are all in order?
If this list has identified any gaps in your basic levels of preparedness for cyber attack, act sooner rather than later – an attack really could happen at any time.
‘It will never happen to me’
Too often, we assume that our business is too small to be attacked. This is a key misapprehension that hackers gladly take advantage of. Target awareness, or lack thereof, is the biggest issue in preventing cybercrime. We are all targets. Hackers don’t care who you are: setting up an attack costs little effort and they can target many small companies, knowing they’ll get into many of them.
Luckily, just like your home security, a few key things will show a hacker that you’ve put some thought into protection. And that might be enough to make them move onto an easier target.
First, mobilise your people to be a strong first line of defence. The majority of attacks come via phishing attempts – emails, texts or messages that want you to click a link or open an attachment.
Unfortunately, once you’ve opened the wrong thing, the attacker is in. It may take weeks from there for them to set up their attack – but attack they will. So, your first position must be training your staff to understand their role in protecting the business – just one poor decision by an employee could spell the end of your business.
On top of that, think about putting a security-first culture in place. This includes simple things like locking laptops when staff are away, having a clear reporting structure for suspicious communications and working with your IT provider to put better security measures in place. This will help you not just to mitigate the risk of attack, but show your employees, customers and other stakeholders that you are taking cyber crime seriously.
This can be done as part of your IT policies and without a huge investment in time or cost, whilst giving your business more protection from attack.
To find out how our affordable training can change the behaviours of your staff, helping to protect your business against attack, contact us today. Remember – your people are your first line of defence.
Sign up below to get our monthly newsletter, packed with hints and tips on how to stay cyber safe.
You can also watch our demo by clicking the link below.