If you run a small to medium-sized business and have asked the question, should I be worried about cybersecurity? The answer should be a resounding, yes. The good news is that attitudes are changing and there is a move towards a more proactive than reactive approach to avoiding a future breach.
A government report in 2019 revealed that 32% of businesses identified a cybersecurity attack in the last 12 months. This figure is down from 43% the previous year. One of the reasons for this new mindset is the introduction of the General Data Protection Regulations (GDPR). With fines of up to 4% of annual global turnover or €20 million, cybersecurity is now everyone’s business.
As a result of the strict new laws, 30% of businesses and 36% of charities have made changes to their cybersecurity policies and processes. Unfortunately, this has made SME’s who don’t have the luxury of big budgets and unlimited resources a target. A worrying 43% of SMEs in the UK have experienced a phishing attempt through impersonation of staff in the last year.
As we all embrace connected living and bring a variety of devices into the office, our thirst for more connectivity is also increasing risks for businesses too. When you also add fraudulent emails, viruses, spyware, ransomware, and malware into the mix, it’s easy to become overwhelmed with your security responsibilities.
However, many cybersecurity practices can be put into place without breaking the bank. Protecting your company from being a victim of a breach is much more about changing the mindset in your company culture than throwing money at an expensive solution. Here are a few steps you can take to bolster your cyber defences.
Educating Your Employees
The traditional approach to cybersecurity begins with the assumption that everything internally within a business is safe while everything externally is scanned and distrusted from the outset. However, the reality is that employees represent the most significant vulnerability in organizations across every industry.
The problem is seldom the result of a malicious insider stealing or corrupting company data. Employees are often the cause of a high-profile data breach or malware attack without even realizing it. But when was the last time your staff was briefed about the dangers of losing a flash drive or opening an email that is infected with malware?
The IT security team, the staff with easy to hack passwords and the employee that innocently opened an infected link or attachment, all play a role in keeping your business safe. These are just a few reasons why all business needs to make cybersecurity everyone’s responsibility rather than just another box-ticking compliance exercise.
Regular communication around the potential impacts of any potential cyber incident is crucial. Educating your staff through regular security sessions will also help them identify and respond to a cyber-attack. All of these methods can be achieved without going over budget.
Enforce safe password practices
Weak, default, and stolen passwords are the cause of 63% of data breaches. Ensuring that every employee uses best practices with passwords that contain both upper and lowercase letters along with at least one number and one symbol should already be standard practice.
However, you also need to remember that attackers will be scouring your network looking for the weakest point of entry. Very often, this can be a photocopier, printer, or any office equipment that has had the same weak password for several years.
Ensuring that every login from a human or a machine has a secure password that is regularly changed should be relatively easy to implement. Once again, this simple method can dramatically improve your cybersecurity without the need for a considerable investment.
Data Breaches. There’s a security patch for that.
It’s easy to get distracted by the pressures of your day to day activities. Every business will be heavily reliant on several applications and securing downtime to implement security patches can be notoriously tricky. But the reality is that its something that you can no longer afford to ignore.
Many data breaches are caused by flaws in the security of your software. But they could have been easily prevented. Software vendors provide security patches to fix vulnerabilities, but they can only be effective if you use them.
Computers, servers, payment terminals, operating systems, browsers, and your software applications can all add risk to your business if not regularly updated. But with a well thought out security patch and update strategy, you can help ensure that your entire software estate and network are protected against future attacks.
Cybersecurity can be a big problem for small to medium-sized business. But it doesn’t have to be. The easiest way for every business to increase their protection involves thinking differently and changing the culture of your business to ensure that cybersecurity becomes everyone’s responsibility.
Protecting your business and reputation in an always-online digital world can initially feel a daunting responsibility. But you don’t have to do it on your own. All of the above can be achieved without the need for a big budget. It’s simply about sharing the increasing responsibility across the whole of your business.