The State of Cyber Security For Small BusinessesJuly 7, 2015
Cyber criminals are always on the lookout for new technologies and skills that will help them hack and steal from individuals and organisations across the globe. Unfortunately these criminals are, more often than not, extremely well-funded and as a result well-motivated and very busy! This makes it a lot harder to keep them at bay.
It has been estimated that on any given day, cyber criminals churn out approximately 250,000 new variations of viruses. They have a constant drive and determination to steal sensitive data and this has led to many companies falling foul of their efforts.
No company is safe, even big companies such as Uber and eBay, who have both fallen target to hacks recently. However, this cyber activity is even more of a problem for smaller companies, who, whilst not achieving the same amount of coverage in the press, still get hid very hard by cyber criminals. Smaller firms simply do not have the financial backing and resources of larger firms to protect themselves.
This is something that Maxim Weinstein, Security Advisor at Sophos recognises, stating that small firms are: “exposed to many of the same attacks as much larger enterprises, yet they don’t have the security expertise and resources available to those larger firms.”
Sophos reports that approximately 30,000 sites are targeted by cyber criminals every day and that the vast majority of these sites will belong to an SME. Research from a survey by PWC reports that fending off and responding to a hack or cyber security breach can cost small companies anything from £65,000 to £115,000! The worst news is that small companies often have to fend off or respond to about six of these breaches a year, which means their costs rise steeply!
Small companies are often a lot more focused on keeping their customers happy, finding new business and just running through the day to day activities that keep their businesses functioning. This means that Cyber security, unfortunately, comes a lot further down their to-do list.
SMEs need to focus on safe cyber commerce
It is now incredibly rare these days for a company not to be heavily reliant on technology, whether this involves payments, stock inventory or a website, amongst many other things. However, despite making good use of technologies such as apps, smartphones, websites and social media, smaller companies do not necessarily have the IT knowledge and skills that larger companies do, which means they may well be leaving the digital side of their business extremely insecure.
Any company can be a target for cyber hackers, small or large, no matter how advanced your cyber security. It is therefore very wise to seek advice from an external cyber security source, something that Steven Harrison, lead technologist at IT services firm Exponential-e advocates, stating:
“In the same way they don’t run their own bank or accountancy firm they shouldn’t run their own security operation.”
The cost of cyber security
The government published figures about 18 months ago that reported SMEs with 100+ employees spent approximately £10,000 per year on their cyber security, whereas the smallest SMEs (20 or less employees) spent about £200.
At the absolute minimum, an SME should invest in the following: anti-virus software, a firewall, spam filters on their email gateways, and they should always keep their devices up to date. These are very basic security levels but will help to prevent attacks from the great majority of low level viruses that cyber criminals are constantly turning out.
Alongside these figures, the government also offered advice as to how SMEs can gear up their cyber security in a 10 step programme. This programme emphasises getting the basic stuff right, whilst following simple steps such as keeping software up to date, installing the most trusted software, and following good practice.
It is important to have a good understanding of how company data is stored and used, and how it flows through the system, i.e. to suppliers, customers and the company itself. Having this understanding will ensure you’re more capable of preventing such data leaking out or being stolen, and, worst case scenario, will help you limit the damage should an attack occur.
Finally, SMEs should always have a plan in place for when they are hacked, data is stolen or sensitive company information misplaced. As the old adage goes it is better to, ‘prepare for the worst, but hope for the best’.