Cyber attacks are nothing new. We tend to only hear about the big stories (viz the TalkTalk hack in 2015) but can we remain complacent that it will never happen to us?
KPMG and BT (in their paper “Taking the offensive. Working together to disrupt digital crime”) believe that only 22% of large corporate businesses believe they’re prepared for a cyber-security breach and about 25% don’t even discuss it at board level. If these large corporations aren’t prepared, what about the rest of us running small and medium-sized businesses without the corporate-sized budgets?
The Office of National Statistics believe that in a four-month period in 2015, 2.5m cyber crimes were committed – a figure the National Crime Agency debunked at a recent ISPA UK Cyber Security Summit as being somewhat smaller than the probable number, due mainly to under-reporting by those affected. The NCA also commented that the most significant cyber-security threats in the future are going to be caused by increased availability of cyber-criminal toolkits, an increase in denial of service (DDOS) attacks and a rise in data-theft related fraud: even if we’re not the direct victim of an attack, we may find ourselves victims of fraud caused by our data being illegally obtained due to another organisation’s inadequate security.
If that’s not enough, as I’ve written before, the main threat to any business is generally regarded as being its employees. This point was recognised by the DCMS (the UK Government department responsible for driving the digital economy, an economy that needs protection from cyber-crime) at the ISPA Summit, and if the threat is not due to human error, it can come from disgruntled employees.
So where does this leave us?
The bottom line is that we are all at threat from cyber-crime; the choice is whether or not to do something about it. The threat can be as simple as an out-of-date WordPress plugin on our website (something widely considered to be the cause of the Panama Papers breach) or a targeted phishing or malware attempt.
And, with new legislation in the pipeline from Europe (and yes, it’s still likely to be relevant, even with us leaving Europe) in the form of a new data protection law (the General Data Protection Regulation) and the Network and Information Security Directive, we all need to be on our toes when it comes to network security and data protection.
The question you need to be asking yourself is whether you can afford to take the hit. Whilst you may be running a small business, the consequences of a breach could cripple your business. Deloitte reports in its “Beneath the Surface” report that the impact of a cyber-attack on a business goes beyond regulatory fines or a public relations nightmare; the impact is much wider and of much larger value – the kind of impact that even the large corporate would struggle to shrug off.
The answer? Well, that’s simple – you need to do everything you can to protect your business, both from a technical perspective and against the human factor. Here are four tips to get you started:
- Hold regular education and awareness programmes for your employees – don’t see it as a tick in the box exercise; it needs to be regular and adapt to changes in cyber-threats
- Make sure your internal networks and software are up to date
- Make sure you have all the legal protection you can, both in terms of confidentiality agreements with partners and third-party vendors and in terms of adequate insurance
- Sign up to the Cyber Essentials programme to make sure your business is protected.
Still happy you’ll not be a victim of cyber-crime? Get in touch to find out how I can help you mitigate your business’s cyber-threat.