Why SMEs need better cyber security
Let’s be honest. In many cases, cyber security for small businesses stops at installing the paid version of antivirus software on your laptops. The argument for this approach goes something like this:
“It’s too expensive to get proper IT support: besides, nothing bad will happen to me anyway.”
But in the last year alone, ransomware attacks have grown by almost 500%. Smart home gadgets on the Internet of Things (IoT)* were found to make up 96% of all vulnerabilities, while the number of malicious or unwanted applications grew by 320%. And with so many people working from home via their own Wi-Fi, smart TVs have also proven to be particularly vulnerable.
The truth is that small business owners are often more at risk of cyber attack because they are not as secure as larger organisations. And cybercriminals tend to follow the path of least resistance.
Of course, the irony is that SMEs find it more difficult to recover from a severe cyberattack once it occurs. The smaller the company, the fewer resources they can put into data backup and recovery if there’s a breach.
The reality of cyber security for small businesses
When you fall victim to cybercrime, the consequences often reach beyond the expectations of many small organisations.
There is the inevitable disruption to your business caused by parts of your system going down. Perhaps you’ll need to recover data. If it’s ransomware, you might be forced to pay to have sensitive information decrypted. But there’s no guarantee that the cybercriminals will actually do it. They may have stolen your data for their own nefarious ends. Or they might be scamming you out of money.
You may have to notify any affected parties about the loss of personal data, which can have a long-term impact on your reputation. You’ll also have to tell the Information Commissioner’s Office, which supervises data protection in the UK. They can then take your equipment away as part of their investigation – which means more disruption. And if they find negligence or malicious behaviour, you could face a hefty fine or even jail time.
One SME owner told me that after they had suffered a security breach, they ended up losing one of their most valuable staff members. She was under so much stress as a result of the cyberattack that she left her job.
Reducing the cyber threat to small organisations
Cyber security is not an IT problem. It is an organisational one. And there are several steps you can take that are both cost-effective and protect your business from cyber attack.
Firstly, you need to have a proper, physical firewall device installed in your network. This is not the same as having antivirus software on your computer. Frankly, not having a smart firewall device in your business is like not having a front door on your house. It doesn’t just stop malicious actors from hacking into your system. Your firewall device will track all the traffic on your network and make sure devices aren’t being hijacked.
You also need to segregate your Wi-Fi into at least two separate zones. Keep one reserved for guests, visitors, sales reps etc., while having a separate network for the rest of your office. Both should be protected by a password with a minimum of 20 random characters, because there are bots out there that can crack anything less in about 8 minutes. Other tactics include whitelisting, meaning you can physically identify and restrict the devices allowed to connect.
But your ability to reduce the risk of a data breach requires a LOT. By that, I mean it needs a layered approach consisting of Legal, Organisational and Technical protection.
- Having the right NDAs in place with your staff.
- Properly segregating duties and responsibilities.
- Installing a good antivirus and ensuring regular software updates on everything from your laptop to your mobile device.
*IoT devices are devices that connect to the network but without the benefit of either an operating system or an antivirus. On the home front, these could include smartwatches, fitness bracelets, doorbells, fridge cams, medical devices etc. In the work environment, they include security cameras, printers, production line sensors, and instrumentation. As these devices become more popular, they have equally become more and more of a security risk.