Who would want to attack me?
Perhaps surprisingly, quite a lot of people. Recent trends show that cyber-attacks on small businesses are on the increase – according to reports by Small Business Trends, 43% of cyber-attacks are targeted towards SMEs.
It might be tempting to think that your business has little in the way of value for hackers in comparison to the Talk Talks and Yahoos of the world, but the fact of the matter is that your business has systems which hold data, making you an attractive target for cyber criminals. Think of it this way – anything your business can leverage to make a profit, so can hackers. Email addresses, phone numbers, and billing addresses, for example, are pieces of data that many small businesses store. These might seem inconsequential, but in the hands of the right people, they could provide a tidy profit at your customers’ – and consequently your – expense.
What’s more is that small businesses are generally easier targets. Despite many high profile cyber-attacks taking place over the last year or so, small businesses don’t appear to be motivated to do anything to prevent breaches of their own data. Small Business Trends also reports that while 58% of SMEs are concerned about cyber-attacks, 51% don’t have any budget allocated to mitigate risk. A significant number are also following poor security practices, with only 38 % regularly upgrading software solutions and 22% encrypting databases.
Why should I care?
Figures suggest that 60% of SMEs which are hit with a cyber-attack go out of business within 6 months. With the GDPR looming, the risk of going out of business runs even higher, as businesses who fail to comply to regulations run the risk of being hit by heavy penalties – up to 4% of global turnover or €20 million, in fact.
The most recent figures suggest that nearly half a million small businesses don’t have a clue about the new data rules under the GDPR, and as there’s now less than a year to go until the biggest shake up to data protection laws for two decades, many businesses are simply setting themselves up to shut up shop over the next few years. Businesses are even liable if they are not the data handler, meaning that if you come into contact with the data or EU citizens in any way, you’re going to need to invest in a cybersecurity solution. And quickly.
What can I do?
There are a few things that small businesses can do (and in reality, should already be doing) in order to mitigate risk.
Invest in cybersecurity
This is a key step and is important as ever. Why? Small businesses are increasingly embracing the benefits of cloud technology but are still dragging their feet on security measures, with many not even having the most basic security measures in place.
As such, preventative measures and a good responce system are rapidly becoming essential for SMEs. However, for businesses of a certain size it can be difficult to find the perfect fit – our new MidGARD platform is available as a dedicated Small to Medium Enterprise Solution, called “microSOC”, designed to bring the quality of an Enterprise -class platform at a price and size needed for SMEs.
According to a report last year, 62% of incidents reported to the ICO were caused by human error. Humans are, unfortunately, the weakest link in any business’s cybersecurity defence, and so taking the simple step of training your employees can help to significantly mitiage risk. Training on how to recognise phishing emails, the risks ‘bring-your-own-device’ (BYOD), and how to securely share and dispose of data are key in eliminating costly mistakes.
Having cyber essentials in place
Cyber Essentials is a scheme designed by the Government to make it easier for businesses of all sizes to protect themselves against cyber-attacks. It’s made up of five security controls to protect the most common cyber threats, including firewalls and Internet gateway, access controls, and malware protection. Find out more about the cyber essentials here.
Want to know more about how you can protect your small business? Get in touch with our experts here.