9 Things SMEs Need to Know to be Cyber Aware



Cyber crime is becoming an increasingly visible threat with one in four UK businesses reporting a cyber breach or attack in the past 12 months*. Understandably, customers are more concerned than ever about protecting their personal information online, with a growing expectation for security advice from trusted sources. As such, businesses have a responsibility to keep sensitive information secure.

The internet has revolutionised how many of us live and work, bringing huge business opportunities too. With more than 3 billion users worldwide, it is powering economic growth, increasing collaboration and innovation, and creating jobs. The digital world we live in allows businesses to work faster and smarter, across the world and 24 hours a day. However, this means we are more vulnerable than ever to a cyber attack. These attacks carry the threat of theft of information, as well as disruption to businesses. Therefore, it is increasingly important for businesses and individuals to manage these risks if they want to continue to enjoy all the benefits the online world offers without running the risk of being unprotected.

The impact of a cyber breach can be huge; there’s the time and money you could lose through having to fix your systems, the potential loss of custom, short and long term damage to your reputation and further devastating consequences of somebody else getting their hands on your data. 

However, protecting your business from hackers and threats does not have to take a lot of time and effort but instead we can all take some simple yet important steps. Cyber Aware is encouraging small businesses across the UK to do two simple things which can help improve their online security – using strong passwords made up of three random words and always downloading the latest software and app updates.

At the most basic of levels, these steps can help to keep you secure online.

The below steps can help you and your business to be more Cyber Aware:

  1. Consider whether your business could be a target - this will indicate the level of risk your business is exposed to. Ask around to see whether any of your suppliers, major customers or similar businesses in your area have been attacked, so you can learn from their experiences.
  1. Know whether you need to comply with personal data protection legislation and Payment Card Industry compliance (click here for further information and see page 13.)
  1. Identify the financial and information assets that are critical to your business, and the IT services you rely on, such as the ability to take payments via your website.
  1. Assess all the IT equipment within your business, including mobile and personal IT devices. Understand the risks to all of these things by considering how they are currently managed and stored, and who has access to them.
  1. Assess the level of password protection required to access your equipment and/or online services by your staff, third parties and customers, and whether it is enough to protect them. Ask staff to use different passwords for different accounts, including email and social media.
  1. Ensure that your staff have appropriate awareness training, so that everyone understands their role in keeping the business secure. Decide whether you need to make an investment, or seek expert advice, to get the right security controls in place for your business. You could seek advice from accredited security consultants, internet and managed service providers or even your web designer if they have the capability.
  1. Consider who you could turn to for support if you are attacked, or if your online services are disrupted in some way. Define what your recovery procedures would be, and how you could keep your business running, particularly if you trade online.
  1. You may like to consider whether cyber insurance could protect your business against any impacts resulting from a cyber attack. Protecting key information is of critical importance to the sustainability and competitiveness of businesses today. Thinking of your cyber security as a risk management issue rather than an IT issue, will lead to strategic, financial and operational benefits for you and your company.
  1. Drive change in your organisation. Use Cyber Aware messaging to remind employees to think about their own cyber security. Not only will it help change behaviours, it has clear reputational benefits for your business.

More information?

Vistage is proud to be supporting Cyber Aware - a cross-government awareness and behaviour change campaign delivered by the Home Office in conjunction with the Department of Culture, Media & Sport alongside the National Cyber Security Centre, and funded by the National Cyber Security Programme in the Cabinet Office. 

Find out more about how to stay secure online visit cyberaware.gov.uk/protect-your-business and follow the conversation on Twitter @cyberawaregov

*source: Cyber Security Breaches Survey 2016, Department for Culture, Media & Sports. 

** Source: https://www.ncsc.gov.uk/guidance/10-steps-board-level-responsibility 

More from Vistage:

Vistage Internet of Things Download