The recent hacking of online adulterers’ service Ashley Madison, which saw the personal records of 37 million users stolen, caused headlines around the world – mostly due to the expected unveiling of hordes of cheating spouses. But the lesson small business owners should take from the security breach is less moral and more practical. No company, however large, is safe from online sabotage – and smaller firms are among the most vulnerable.
Thankfully, as of this month, SMEs can get help with cyber security thanks to a Government voucher scheme offering advice on improving an enterprise’s online defences and protecting intellectual property and new business ideas. The £1 million cyber security innovations vouchers scheme gives smaller companies the chance to get £5,000 towards the cost of hiring specialist industry experts to help with digital protection, something no business should ignore in the modern technological age.
Why cyber security counts
Almost all businesses rely on the internet to operate, be it transacting online, using the cloud to store data or sending sensitive information, such as confidential details or new designs, via email. We’ve talked before on this blog about how poor many SMEs are at protecting themselves against malicious or commercially-motivated cyber attacks. But the problem is only growing, both in terms of prevalence and expense for firms afflicted.
- Three out of four small businesses have had a security breach, according to new research by accountant PwC commissioned by the Department for Business, Innovation and Skills. This is up from 60 per cent of smaller companies affected last year.
- Attacks are getting more expensive for small firms, costing them anything between £75,200 and £310,800 on average, the study found, up from a maximum of £115,000 in 2014.
- The financial services sector is the most frequently hit by security incidents, with financial firms encountering attacks 330 per cent more often than those in other industries, according to a recent study by US firm Websense.
Types of crime on the rise
The digital world is one in which criminals are always several steps ahead of the security industry and the business community. With threats changing so quickly and frequently, it’s hard for companies to keep up. The PwC report found certain types of attack are becoming more common among SMEs in particular:
- Malicious software – what most think of as computer viruses – is on the increase, with more than a third of small companies complaining about this in the last year.
- About 16 per cent of SMEs have fallen prey to Denial of Service attacks in the last 12 months – occasions where their entire network is interrupted and rendered temporarily useless. Bigger firms have seen fewer of these attacks, however.
- More than a third of small companies suffered staff-related security breaches in 2015, up from 22 per cent a year ago. Inadvertent human error was blamed for about half of these incidents, while malice or fraud was the motivation for the remainder.
Lessons to be learned
One of the key messages from the PwC findings is that human beings are still often the weakest link in a firm’s security set-up. Whether it’s members of staff making mistakes, bosses not vetting workers when they first hire them or management failing to take cyber security seriously, people within the organisation are often the reason for something going wrong.
The answer, of course, is both to ensure employees are properly trained in cyber security protocol and for leaders to appreciate the risk presented by digital breaches. A third of businesses carried out no cyber security risk assessment in the last year, while almost 40 per cent of small companies don’t give staff any security awareness training at all.
The Government advises taking a number of steps to shore up a company’s digital defences:
- Train staff throughout the organisation to recognise potential problems and how to avoid them.
- Make sure the business has proper, up-to-date malware protection, plus a secure network.
- Don’t forget any employees working remotely: ensure their path into company systems is secure and their hardware is free from any bugs or viruses. You may also want to manage user privileges, giving different people varying levels of access.
- Constantly monitor cyber security efforts to be confident all is working as it should be.
- Should the worst occur and a security breach happen, act swiftly to prevent the incident escalating and causing permanent damage.
Help and advice
There are a number of other sources of information for SMEs looking for further guidance on protecting against the perils presented online.
- The Cyber Essentials initiative, backed by Government and industry, offers self-assessment tests of a firm’s current systems, plus free information on beefing up security. Participating businesses can apply to use the Cyber Essentials badge to advertise the fact they work to a Government-endorsed standard.
- GetSafeOnline also has advice for businesses and individuals on using the web more safely. Plus, there are official factsheets available online for SMEs on tackling cyber security by creating strong passwords, ensuring software is updated and staff are adequately trained.
- A free e-learning course called Responsible For Information is available to small firms and their employees, giving examples of good practice, a basic introduction to keeping digital information safe and further background on cyber attacks and fraud.