25 September, 2017
How small businesses should invest in cyber security
Paying attention to cyber security should be a key concern for businesses of any size – and it needn’t cost the Earth.
The deluge of cyber-attack stories in the news is becoming commonplace. Recorded cyber crime cost the UK economy £10.9bn in 2015/16; and unreported crime could cost magnitudes more. For small businesses alone, the average cost per attack is around £3,000.
Fortunately, the level of attention criminals are paying to cyber crime is more than matched by those fighting against them. But for SMEs with limited budgets, securing themselves can be a tricky job.
The risks remain the same of course: DDoS attacks, ransomware, phishing scams or data dumping can lead to a loss of trust or even fines for data breaches – both of which can close companies for good.
With resources strained, the onus is on small-business leaders to invest shrewdly in technology and staff training, alongside their other responsibilities. But when it comes to cyber security, a little can go a long way.
Define your needs
Using a checklist such as the Government’s cyber-essentials questionnaire can help to calibrate your thoughts. It will also highlight ways in which you may have undermined your own security without
Taking a look around you is essential, too: talk to similar companies and study the way they are being affected. Then take steps to mitigate.
You are not a hacker; you are not a computer expert; you are a just a regular human. But, there are still simple steps you can take that can make a huge difference –
as Nik Whitfield, chief executive of cybersecurity company Panaseer, explains. “Activate firewalls on computers and access points to the internet,” he says.
“Maintain good passwords; activate two-factor authentication for hosted software services; remove unused user accounts; and ensure only administrators have full administrative access to computers.”
And importantly: “Run a reputable anti-virus product and ensure it automatically updates on a daily basis.”
For the next 24 hours, take note of the update messages you get on your digital devices; your operating systems may be out of date.
As Dr Mike Lloyd, chief technology officer at cyber-security analytics platform RedSeal, puts it: “Operating systems are more like milk than cheese – they get worse rapidly with age, not better.
“The WannaCry attack is a perfect example of the dangers of an out-of-date operating system. Using yesterday’s technology isn’t just inefficient; it’s a great big welcome mat, laid out to invite attackers.”
So, the key message is to update – and soon.
Judge a business by the technology it keeps
In the same way you wouldn’t let unscrupulous types enter your house, you need a certain degree of diligence around the technology you allow into your business. Introducing compromised technology to your broader system carries risk.
Consider the next person who wants to charge their phone on-site; they may want to charge that phone from their office laptop, which, because it is connected to the rest of your system, could become
a problem. You could consider providing staff with mobiles and computers as standard.
Short of that, every business should build a culture of security awareness. Take the load off management and instil a sense of responsibility in your staff around passwords, software updates and
navigating the internet with a degree of scrutiny.
There can be no such thing as security perfection; the landscape changes daily. But with the right technology, the right habits and the right mindset, you can defend against the worst.
Article source: The Telegraph (23rd August 2017)