Despite the opinion of many, cyber attacks are a real threat to small and medium firms across Britain. A survey by security firm Kaspersky Lab found that many SMEs don’t believe they are at risk, with 59% thinking the information their business holds is of no interest to cyber criminals.
Last year over a third of SMEs fell victim to a cyber attack, costing on average £75k – £311k. The government is urging companies to take cyber security more seriously.
Phishing, insecure passwords and IT vulnerabilities among top threats
Phishing schemes and fake emails that trick people into revealing their personal details are still around and are more sophisticated than ever. Insecure passwords are also a top risk, with employees using the same or similar passwords for multiple platforms, often never changing them, or sharing them with colleagues.
Network vulnerabilities that let in viruses or other malware have affected 45% of small businesses in the UK, according to the 2014 Information Security Breaches Survey. Web applications are also susceptible to various attacks, including remote code execution, SQL injection, format string vulnerabilities, cross-site scripting (XSS) and username enumeration.
Involve staff, train and educate
It is vital that organisations have a strong understanding of the kind of cyber breaches that may affect them. It is important to educate the business as a whole, so employees at all levels understand the potential risks. In many security breaches, there is some element of employee involvement, for example unauthorised access to data or systems.
Mentoring is often highlighted as an important step in educating staff: experienced IT professionals can offer invaluable advice and guidance about cyber security. Board members may also be keen to see the return on their investment in security, so involving them in training and reporting on improvements could be important.
Review, plan and be prepared
You often can’t move in today’s workplace for risk assessments; however, completing one to review your cyber security is vital. It will allow you to plan and implement any changes to keep your business safe. As with any risk assessment, regular reviews are vital for keeping up to date and ahead of the game.
Prevention is better than a cure
Basic steps such as downloading software updates, using strong passwords, deleting suspicious emails and using antivirus software stand you in good stead to prevent attacks. Other steps may include backing everything up so any lost data can be quickly restored. However, it’s important to note that portable devices such as USBs and hard drives used to back up data can themselves be a security risk.
Consider the actions of others. For example, clients and agencies may be a link into your organisation, and hackers can target human weakness as much as software vulnerability.
Smaller businesses can also be a link to larger organisations (they may be a supplier, for example), so it might not be their data hackers are after, but rather a route to somewhere else.
The UK economy is highly dependent on SMEs; however, SMEs are also highly dependent on the internet and IT, which could potentially leave them at risk. There are many firms out there able to provide the security that SMEs need, and many SMEs that need extra security, but there often seems to be a gap between the two. Whether the cause is a lack of communication or understanding, or a feeling of complacency, businesses are legally responsible for the information they hold, as well as having a moral responsibility to customers to protect their information. Cyber attacks are a real threat to all businesses, but with simple steps smaller businesses can protect themselves and be prepared.