These days, it isn't just large companies who are the targets of technological attacks. Andy Thomas, Managing Director of CSID for Europe blogs for SME on why businesses should care about their cyber security.
Small and medium-sized businesses (SMEs) in the UK are failing to protect themselves against data breaches despite the debilitating consequences to an SME’s revenue and reputation.
Research by CSID recently found that more than half (52%) of small firms are not taking preventative steps to guard against cyber attacks. This is a startling statistic considering PwC’s recent 2015 Information Security Breaches Survey, which found that 74 percent of SMEs have had a security breach in the last year (up from 60 percent in 2014) Increasingly, smaller businesses are becoming a target for hackers, breaking the common misconception that size exempts SMEs from data breach risks.
In addition to the most obvious consequences of direct revenue loss and reputation damage, a data breach also carries a significant opportunity cost. It is a lengthy and time-consuming process for an organisation of any size to recover from a data breach. With these considerations in mind, it seems staggering that more than two thirds of UK small businesses do not have a disaster recovery or business continuity plan in place.
So, that’s the bad news. The good news is that SMEs can employ accessible and affordable cyber security protection. To implement a policy does not have to be prohibitively expensive nor does it have to mean an increase in headcount.
Many SMEs may not have budget for an in-house IT specialist at their disposal, but there are other measures that they can take to avoid risks. It boils down to awareness, education, monitoring and damage control.
The information is out there for those who take the time to look. Smaller businesses should contact their ISP and hosting providers to ask for advice and find out which services they offer to boost their cyber security. They should also contact insurance brokers and their bank managers to understand that type of protection is offered to them to help recover in the event of a breach.
Your employees can be the weakest link when it comes to a data breach. It is crucial to continuously educate employees about the importance of workplace security and select vendors with solid security reputations. Businesses should create and enforce password, Bring Your Own Device (BYOD) and social media policies from day one. The more educated the workforce is on the importance of security, the more likely they will be to employ better online habits at work as well as in their personal lives.
There is a range of software solutions on the market that can help SMEs monitor their cyber security. Anti-virus solutions increase protection against malicious malware and VPNs can help protect data when conducting business outside of the company network. Businesses should also consider a monitoring service to keep track of your SME’s overall health and mitigate the risk of breach, like monitoring customer credentials to detect fraudulent activity in advance.
No matter how unlikely the threat seems, it is always advisable to have a breach preparedness plan in place. Although a damage control plan may not reduce the cost of repairing the data breach, it helps keep customer relationships intact and reduces business reputation damage.