Is cybercrime a myth for British SME's?

10/06/2016

As cybercrime continues to spread across our digital economy, we hear stories of huge data breaches hitting the headlines. Global brands such as TalkTalk and Sony suddenly appear vulnerable with their fate at the hands of the hacker - who could simply be, one solitary genius who dreams in binary and plots world domination.  In the absense of Bruce Willis or a Spiderman for the web, the response of the multi-nationals is to invest heavily to protect data, intellectual property and the survival of their company.

Hackers (and crackers - those with malicious intent) seek high value returns from these big brands so it’s easy to think that smaller businesses are not the target? As SMEs, do we run the risk of overlooking cybercrime as merely an issue for the larger corporates?

Are SME’s really at risk?

Unfortunately, SME’s are increasingly at risk. The rise in threats to smaller companies in recent months, has indicated that some businesses are sitting ducks, and thus easy targets for even a simple hack; targeted ransom demands, a steathly trojan or the stealing and corruption of your valuable customer data.

As reported by The Association of British Insurers in their May 2016 white paper: ‘Making sense of cyber insurance: a guide for SME’s’.

In addition, John Allan, National Chairman of the Federation of Small Businesses (FSB) states:

Simple steps for preventing a cyber attack

It's impossible to be completely safe from risk, evidentially even with maximum security systems in place the hackers can still sometimes find a way through. However, don't despair! prevention is the best defense and below we have suggested a number of simple measures you can put in place to help protect your business, customers and data.

This basically means implementing a number of good business practices which, although appear obvious, can sometimes be neglected and leave your systems vulnerable. 

Passwords - Avoid using the same password for multiple email accounts and select a strong password that is made up of at least three random words. Using lower and upper case letters, numbers and symbols will make your passwords even stronger.

Opening emails - If you're not sure about the origin of an email and it looks dubious then do not click to open it.  Any suspicious emails should be deleted as they may contain fraudulent requests for information or links to viruses.

Protect and encrypt all devices - ensure that all computers including laptops are secure. Plus, check and protect all mobile devices including removable media such as USB's as well to minimise any damage to data if they are stolen or when they connect to the corporate network, these are one of the key routes crackers use to breach the system.

Your IT provider is so much more than a supplier, they can be a virtual strategic partner who can assist with risk and vulnerability assessment, policy development,  strategic planning and the provision of a continued service in the event of any complications or threat breaches. 

It is not always enough to invest in an off-the-shelf anti-virus product which is then neglected; not maintained, monitorerd or updated, and therefore not effectively doing it's job in protecting the business.

Cyber threats are evolving at breakneck speed so having a steady partner on-board, and the processes in place to manage a fail safe backup can offer more than just peace-of-mind, it can be a life and business saver!

Firewall - this will act as a barrier to protect the company's network when connecting to the internet.  In addition, ensure that the firewalls of software programs being used are installed and activated whether via Windows, Linux or MacOS.

Antivirus - ensure that anti-virus software is updated to protect the company adequately from any viruses, spywares or malwares.

Backup and disaster recovery - with a systematic and automatic backup process all important company information is stored safely and a plan can be implemented to quickly recover data in the event of any threat breaches or disasters, such as a fire, theft or flood thus, minimising the impact on business continuation.

Website filtering - consider restricting and managing user access to certain sites to minimise the effects of malware and other threats.

Creating a safety culture and awareness of cybersecurity should be promoted to all users of the company’s information systems. Encouraging esafety-conscious processes and practices and establishing standards and security protocols regarding the use of computers, email servers, databases, own devices, personal applications, downloads etc. will protect the business at the grass roots.

More employees are using their own devices to access company information on or off-site and this is encouraged by businesses who wish to benefit from the opportunities of remote and flexible working. The BYOD (bring your own device) or BYOT (bring your own technology) practices include both hardware and software and will require proper measures to prevent information leakage or the introduction of malicious software.

If you would like one of our team to support you in your security review, identifying areas of vulnerability, offering recommendations and a variety of managed solutions for reduced risk, then please do GET IN TOUCH.  We’re happy to assist.  Speak to an expert on: 01326 379 497

BACK