Last year, half of UK SMEs were hit by a cyberattack and 10% experienced more than four attacks, according to a survey by Barclaycard. It’s no wonder most UK CEOs named cybercrime as one of the top three threats to their business this year.
SMEs might be lulled into a false sense of security when it comes to cyberattacks. They think they’re less at risk because they don’t have a high profile or much data to steal. But every business that holds sensitive information in a digital format, such as customer contact details or bank or credit card information, could be targeted. The worst security breaches cost SMEs between £65,000 and £311,000 last year, a price few will want to pay.
Cyber threats are constantly evolving and increasingly sophisticated, so it’s easy to see why over half of SMEs feel they lack the knowledge or expertise to protect themselves better. However, having a robust cybersecurity strategy in place can go a long way to counteract the risks SMEs face.
How to implement a cybersecurity strategy:
1) Storage systems are increasingly vulnerable to threats and attacks.
If you’re storing your data in the cloud, then look for standards and certifications - such as those of the Storage Networking Industry Association - that have emerged to set good practice and robust security levels. But take care to strike a balance between security and accessibility.
2) Back Up Everything
Have a strong and reliable backup strategy in place that not only backs up your servers but all your computers and mobile devices too. Don’t just back up data - many solutions also take regular snapshot images of your computers so you can restore a machine quickly with all its previous settings and configurations.
3) Prepare a Disaster Recovery Plan
All businesses should have a disaster recovery plan that outlines how you will run your business after an unplanned event. We often think of disasters like fires or floods, but your disaster recovery plan can protect you from a huge range of unpredictable incidents such as power outages, cyberattacks, theft or key staff being unable to get to work due to transport disruption.
4) Prioritise IT Maintenance
Update your operating systems and applications with the latest patches and updates as soon as they are available. Cyber criminals will look for weaknesses to exploit, so if your systems are up to date, you’ll be better protected.
5) Get to Grips with Cloud Computing
Understand the different types of cloud storage and their security implications. Services such as Dropbox, iCloud or OneDrive may be fine for your business, but you may want to use cloud services that offer more advanced security options.
6) Find Solutions for Remote Working and ‘Bring Your Own Device’ (BYOD)
Most businesses have staff working remotely and even using their own devices to access documents or emails. Make sure you have the right solutions in place to give them secure access to your network and keep your business data separate from their personal data.
7) Train Your Staff
Your people could be your biggest vulnerability. Half of the worst security breaches last year were down to inadvertent human error, so raise awareness of your cybersecurity strategy with regular staff training. Sending links or attachments in emails is one of the most popular and successful tactics hackers use to gain unauthorised access to IT systems. Called phishing, or spearphishing, it’s thought to be the way that hackers accessed the medical records of the world’s top athletes from the World Anti-Doping Agency (WADA) after the 2016 Olympics. If your staff use strong passwords, are vigilant with confidential information and avoid clicking on links or attachments in emails, it will give your cybersecurity a huge boost.
PwC predicts that while cybercrime has seen double-digit growth over the last five years, the number of breaches will increase further as more devices connect to the internet as part of the Internet of Things revolution. So the chances are that you will have to deal with the aftermath of a cyberattack at some point.
If the worst happens, act quickly. First, assess the damage and secure your systems. Then you’ll need to investigate what happened and notify everyone affected, along with any regulatory bodies you are legally obliged to inform.
Your cybersecurity strategy should be an integral part of your overall IT strategy. This will give you a comprehensive approach to mitigating the risk from the growing and evolving threat of cyberattacks.