Flip a Coin and See if Your Business will Survive a Cyber Security Incident

Whenever people think of cyber security, it brings to mind images of shadowy hackers working in a darkened room, attempting to break past the defences of their intended victims.

The reality is quite different. The majority of cyber-crime is the result of carefully planned and well executed activity. It uses increasingly sophisticated techniques to target both individuals and organisations.

According to the Federation of Small Business, ‘despite the vast majority of small firms (93%) taking steps to protect their business from digital threats, two thirds (66%) have been a victim of cyber-crime”.

Threaten business survival

There are still some business owners such as sole traders or newly formed limited companies that think they are too small to be of interest to cyber criminals. Think again. In addition to financial crime such as subverting payments, access to sensitive information can be highly sought after.

According to CSOonline it is estimated that as much as 60 percent of small companies go out of business within six months of a cyber-attack. That’s almost the same odds as flipping a coin and calling ‘heads I stay in business’ or ‘tails, I go out of business’.

It, therefore, pays to think about how you can boost your cyber defences. There are many practical steps that will lower your cyber risks. The good news is that lots of these are process-oriented and can be achieved without spending a lot of money.

Why are small businesses at risk?

According to the Federation of Small Business, cyber breaches cost the average small business £25,700. They are seen as an easy target as small businesses naturally don’t have access to dedicated cyber protection resources. Basically, wherever there are computers, hardware or software or any kind of digital data, there will be potential cyber security risks. How well your digital assets are protected will determine the level of risk that you face.

It is useful to understand some of the areas that might be at risk.

The most obvious target to compromise is part of your IT infrastructure. This is made up of your computers (laptops, desktops, servers, tablets as well storage devices like USB drive and flash cards) and even smart devices like printers and scanners.

In the marketing department, a customer relationship management (CRM) or an email marketing system has sensitive data about your customers and prospects. HR and Payroll systems contain personal information on current and past employees.

Finance systems such as accounting, internet banking, Direct Debit or payment systems are highly valuable targets both in terms of gaining access to the system to steal the data but also in terms of circumventing controls over how and when payments are made.

The cyber gap for small business

After the introduction of the General Data Protection Registration (GDPR), awareness amongst small businesses of data security issues went up sharply, but only 28% of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective.

This is a worrying gap.

So, where do you start if you want to close this gap? The National Cyber Security Centre contains a checklist that can help you create a solid cyber security plan for your business. Below we cover some of the key issues to think about.

Education means prevention

Even experienced business people still make basic errors such as clicking on links in emails or using weak passwords. There is an on-going internal education challenge to make everyone in the organisation aware of the risks and their responsibilities.

Many large companies now make cyber security training a mandatory requirement for staff, e.g. via an e-learning course. Small businesses might not have the resources or budget to do this but you can make it clear to staff that they are all responsible for their actions online and when using internal systems. If you can make them feel like they part of the solution as a ‘data guardian’, you will go a long way to cutting out some of the common mistakes that lead to a cyber incident.

Secure your passwords

Many people use the same password to log into multiple accounts online. Check your personal and work email address at website www.haveibeenpwned.com which will tell you if your details have featured in a data breach.

If you find that your details are on here, then change your password immediately. Always follow these tips for good password management. Never share your passwords and login details with anyone. Secondly, choose a strong password, with a mix of upper and lower case characters, numbers and special characters such as !£%&* or combine three non-related words such as LaptopTulipPicture.

Thirdly, if you have to sign up for an online service, then create a separate email address on Hotmail or Gmail with a unique password that you only use on that account. Use this for verifying your identity or when you need to complete a web form to receive further information via email.

Other good practices include mandating staff change passwords on a regular basis or set a minimum of 16 characters for passwords which then doesn’t need to be changed.

If you are struggling with multiple passwords, you might want to consider an online password manager that helps with secure access such as the free Lastpass system.

Conclusion

Company size is irrelevant when it comes to cyber security. Small businesses face the same risks as larger businesses and what’s more, they have to deal with the threats coming their way without the same level of resources open to larger organisations.

Getting your cyber defences right requires you to find the right balance between implementing processes and technology and educating your staff on good practices and not hindering people from doing their jobs by making things processes overly complicated.

In the next article, we’ll look at some vital ways in which companies can secure their systems, minimise external cyber risks and counter the threats caused from within the organisation.