Cyber Security for SMEs
by Dave Westbrook,
The data that SMEs hold is valuable to cybercriminals. Yet it’s a data risk, or data vulnerability, that many SMEs overlook as they keep their focus on day-to-day activity. With the cloud now an integral part of running a business, data is being collected and stored in new ways – which can lead to data breaches if adequate security measures are not taken.
But with cybercrime costing organisations around the world an estimated £322 billion each year, data security is no longer an IT issue—it’s a business need.
According to data from the Information Commissioner’s Office (ICO), cybercrime has increased by 15% since 2016 in the UK. The ICO reports that one in ten of us have been a victim of cybercrime in some form or another over the past 12 months; whether this means we have fallen prey to data theft and fraud, fake emails or phishing attempts, as well as data exposure due to hacking of devices such as smartphones and laptops.
The cost to businesses is high too: over 72% of SMEs reported a loss as a result of data crime in 2017—with, on average, SMEs losing £34k every year according to PwC’s 2017 Global Economic Crime Survey—is cyber security really worth your time and investment? Let’s take a look at why cyber attacks are becoming more prevalent for SMEs and how you can protect yourself from harm.
The Data Value Premium
It’s no secret that data is now an integral part of the digital economy. And the data you store—data such as supplier details, financial transactions and customer records—can be a valuable commodity to cybercriminals. SMEs are particularly vulnerable due to their smaller size—they tend not to have resources or budgets comparable with larger corporations. This means that cybercriminals are more likely to find success in attacking small businesses and organisations for data theft, extortion or reconnaissance purposes.
Cyber security fact: There were 468 reported data breaches in Australia in 2016-17—up from 257 the previous year. The average cost per data breach was over $2 million AUD.
Australian Privacy Foundation
The data you collect also has a data value premium—your data can be more valuable to cybercriminals than data from larger organisations. For example, if data is leaked or exposed during a cyber attack of a large company it could be easy enough for that company to absorb the negative publicity and clean up any potential damage caused by data misuse. However, SMEs may struggle to recover from such an attack given their limited resources. Cyber attacks on SMEs have been shown to cause significant financial harm—according to PwC research 80% of SMEs who were attacked suffered losses in excess of £36k following misconduct.
How data is collected and stored for your business also makes data susceptible to data theft or cybercrime. SMEs are not just at risk from data attacks over the internet—data on local computer networks can be compromised, too—if information is lost or stolen as a result of a cyberattack there’s no telling where that data may end up next. IT security products are available to help protect you against such threats, but it is important to note that data vulnerabilities will still exist even in the best-case scenario.
The evolution of cloud computing has brought with it new ways of storing data and managing systems. A private cloud allows SMEs to store their data securely on company servers located within their own network—however this approach can come with its own data security risks.
According to data from Vanson Bourne, 13% of SMEs who use cloud computing have data hosted on public cloud data centres; as opposed to just 8% in 2016. This means SMEs are taking advantage of the flexibility and low initial costs of using a public cloud service—however they may not realise that this approach comes with additional data security risks which could be detrimental to their business.
No data is 100% secure, but data crime can still be minimised by following some basic guidelines. Here are four steps you can take now that will help protect your business against cyber attacks:
Step 1: Understand the Threat Landscape
It’s critical for businesses to understand the potential data security risks they face. This means taking a data security audit, learning about data breaches and data theft cases that have happened to other companies in your industry. It also means adopting data privacy strategies that take data protection seriously and carefully reviewing the cyber security policies in place across the business—there may be areas of improvement or inconsistency within your data management processes which are open to exploitation by cybercriminals.
Step 2: Data Encryption
Data breach prevention must become part of your cyber crime defence strategy—data should be encrypted so it is rendered useless if it is stolen by cyber criminals or accessed by unauthorised parties—contact us for more information on using data encryption.
Step 3: Cyber Crime Insurance
Some SMEs may not be aware that cyber insurance policies are available to protect data, data breaches and data theft. According to a Vodafone-commissioned survey of 1,000 UK SMEs there are significant data risks inherent in running any type of business—but SMEs can find data security protection by taking out an appropriate cyber insurance policy.
Step 4: Data Breach Response
If data is stolen, lost or compromised it’s vital that you respond quickly because this will help limit the damage that could be caused by a cyber attack. All data breach response plans should be data-centric, with cybercrime prevention measures forming the backbone of data breach response.
More information about data security can be found in our cyber security section on this website—including services such as penetration testing and an explanation of why data data privacy is vital for SMEs. It’s also important to remember that data is only one type of risk associated with cyber crime—so understanding which other risks could affect your business is just as important as addressing data worries. These include:
- Malware and viruses
- Denial of service attacks
The data security landscape is always changing, with cyber criminals forever trying to find new ways to attack data and data storage devices. SMEs must therefore be prepared against new data crime threats as they emerge—which means ensuring data breach management plans are up-to-date across the business—from IT management teams to human resources and marketing departments.