It’s shocking that more than 4 in 10 UK businesses (43%) have suffered a cyber security breach or attack, according to government data collected in 2017/2018. The majority of UK businesses now benefit from some type of digital service or communication, from simple emailing, to online banking or offering online purchasing. However, along with the benefits, small businesses need to be aware of the growing threats of cybercrime and take steps to increase their cybersecurity.
Don’t ignore cybersecurity
Too many small businesses are putting their heads in the sand when it comes to protecting themselves against cyber-attacks. Gone are the days of simply installing an anti-virus tool and hoping for the best. In the non-digital world, business would not dream of leaving doors unlocked, leaving tills open or leaving customer data and other confidential information lying around. Yet when it comes to their ICT (information and communication technology) businesses too often just muddle through without seriously the taking steps needed by every professional business.
Here are the top five reasons why SMEs need to take action against cybercrime:
1. Cybercrime is on the increase
Cyber threats are real and evolving all the time. Cybercrime is reported to cost UK business £29 billion per year. Organisations of all sizes are finding themselves the subject of malicious viruses, ransomware, phishing attacks and data theft – a Denial of Service attack can severely reduce traffic to your firm’s website. Data breaches are thought to be increasing in organisations where there is not sufficient password protection, where staff use their own devices (known as bringing your own device, or BYOD) or where cloud computing is used.
2. Your business could be crippled by cybercrime
A targeted cyberattack could cost you financially, for example through bank or invoice fraud or being held to ransom. The average (mean) cost of breaches with a material outcome is: “ £3,100 for businesses and £1,030 for charities. This is much higher for medium businesses (£16,100) and large businesses (£22,300). Moreover, the estimated total cost of breaches has consistently increased for medium businesses specifically, even when including breaches that do not result in lost assets or data(from £1,860 in the 2016 survey and £3,070 in the 2017 survey, to £8,180 in 2018).” (Data from the Cyber Security Breaches Survey 2018 , commissioned by the Department for Digital, Culture, Media and Sport)
Your business will also suffer through loss of productivity due to downtime – for example, you may not be able to access emails, orders or customer details. Big firms who have experienced cybercrime have found that they suffer huge reputational damage too, resulting in customers avoiding them for fear of their own details being breached.
When the worst does happen, would you know how to go about recovering information or enabling your business to continue after loss of key information through a malicious attack? It’s a concern that 43% of small businesses don’t have a business continuity, disaster recovery or crisis management plan in place . The high cost of cyber attacks is often due to the time it takes to resolve.
3. All UK businesses need to comply with data laws
Importantly, in the event of a data breach, whether criminal or staff error, your business could also face legal penalties. Under the new GDPR (General Data Protection Regulation) laws brought in May 2018, any UK business not adequately protecting its data is liable for fines by the Information Commissioner’s Office. The GDPR sets out how data should be stored and used by organisations.
4. No SME is too small
Size does not always matter to cybercriminals. Just think of the numbers of individuals who are defrauded on the internet. It’s tempting to think that criminals only target larger firms. Certainly data breaches in big firms such as Facebook and British Airways have been hitting the headlines. However, if you are large enough to attract customers then criminals will be interested in you too.
No business is too small to attract the attention of cyber criminals – if you have customer data such as banking details or rely on computer networks to transact business then you have information which cybercriminals want. In fact, SMEs often have less adequate cybersecurity than larger firms making them more vulnerable and they are also more plentiful in number. SMEs can have a false sense of security about cyber threats.
5. Staff error and lack of training can lead to cyber breaches
Small businesses often lack the skills and time needed to address computer security issues. Inadequate passwords, lack of knowledge about security protocols or failing to recognise malicious and phishing attacks can all result in threats to your business. It’s been reported that 88% of data breaches in the UK in the last two years were due to human error. On top of this, a cyber skills gap in the UK has been noted recently making it even harder for firms to employ cyber aware staff.
Steps to improve cybersecurity
While the consequences of cyber threats are worrying, fortunately there are many steps which businesses can take:
● Install effective firewall and antivirus software
● Ensure your data and communications are encrypted
● Keep up to date with installing software updates including on BYOD devices
● Follow advice given under the Cyber Essentials Scheme , a government-backed, industry-supported scheme to help organisations protect themselves against common online threats. Since 2014, the Government has required all its suppliers involved in handling certain sensitive information to be certified against the Cyber Essentials scheme.
So in your end-of-year spending reviews and plans for the next financial year, be sure to cost in some cyber security.
Investment in digital protection will:
• Make it harder for cyber criminals to target your business
• Give you peace of mind to get on with running your business
• Ensure that there are no nasty surprises which reduce your profits
• Save you valuable time trying to put things right once you have experienced a cyber-attack.
It can be much cheaper than you think to consult a reliable and professional IT services to ensure your cyber security is up to date.
360ict Ltd is an experienced IT services company which helps SMEs to stay safe online and remain complaint with data protection laws. This London-based company offers SMEs an on-site review of data security as well as advice and support for a variety of ICT requirements.