When we think of hacking, we tend to imagine global banks being attacked to the tune of billions – but according to research released late last year by cyber security firm Symantec, companies with fewer than 250 employees now account for 31% of all cyber attacks. Small businesses are often woefully underprepared when it comes to cyber security – and this puts them in the crosshairs.
“Small businesses represent low risk and little chance of exposure for thieves,” Neal O’Farrell of Think Security First told PC world. “They typically lack the monitoring, forensics, logs, audits, reviews, penetration testing, and other security defences and warning systems that would alert them to a breach.” This is why, according to Toni Allen, UK head of client propositions at the British Standards Institute, “SMEs are now being pinpointed by digital attackers.”
A cyber attack can wreak havoc on a small company’s finances: a UK government survey reported that for small and medium sized business the average cost of the worst breach is between £75,000 and £310,800. Furthermore, when the EU’s new General Data Protection Regulation comes into force in 2018, allowing security breaches to compromise customer data could result in companies being fined 4% of their annual turnover, up to €20m.
Finances may recover in time, but the damage to a brand’s reputation for dependability and customer security may well be irreparable. It is vital that small businesses take steps to prevent such attacks from happening.
“Burying your head in the sand may save money in the short term,” Alex Fenton, a digital business expert and lecturer at Salford University told The Guardian, “but the cost of hacking could range from minor inconvenience, reputation damage, loss of customer data, fines and ultimately company closure.”
Instituting a secure password policy (never the same password for more than one account, use at least three random words) and ensuring that your cyber security software is business-grade and up to date are simple steps that could protect you.
However, the most essential step towards cyber-security is staff training. Many hacks come about because of vulnerability created by simple human error: the wrong link clicked in an email, some malware hidden in innocuous seeming MP3 software. Educating all staff to practise good digital hygiene could mean the survival of your business.
“You don’t want your first breach to be a learning exercise,” security expert Lawrence Pingree says. “Your brand, even your company, may not survive to learn from those lessons.”
DeltaNet’s eLearning solutions help keep businesses remain secure against ever-evolving cyber threats. Courses available range from digestible, five-minute Take 5 micro-learning modules to in depth, detailed eLearning courses covering multiple topics within a subject area. Courses include Data Protection, Information Security and Records Management.