Cyber Security – Am I really at risk?

These days, cyber security breaches at large corporations make headline news and have ramifications that last for years.  (LinkedIn’s breach in 2012 resurfaced as a current issue just last month).  However, many small business owners are reluctant to spend any time or effort on cyber security.  Some feel that the subject is just too complex.  They simply don’t have the resources to effectively protect their data.  Others feel that they have no data that is worth protecting.  Others, that cyber criminals are unlikely to be interested in them.  The security industry doesn’t help as it often plays on fear, uncertainty and doubt in an attempt to create a market.  So what is the real situation?  Is it worth worrying about?

Small businesses are targets

private dataFirst the bad news:  all of the properly-conducted research shows that large numbers of UK small businesses have had a cyber security incident in the last year.  Depending on what people define as an incident, the survey figures vary from 30% to well over 80%.  The simple fact is that, when a cyber criminal is searching for targets, they do not exclude small businesses from their search.  With such high chances of being targeted in any one year, it is reasonable to conclude that, sooner or later, your business will be a target.

Security is not that difficult

Now the good news: it is actually not difficult to defend your business.  It is often said that you don’t need to have a high-end alarm system and doors like Fort Knox to deter burglars.  You just need to have better security than your neighbours.  The same is true in the cyber world.  If the cyber criminal targets your business and finds that you have effective defences, they are likely to quickly move on to an easier target.  Therefore a few simple steps can make all of the difference between falling victim or the attacker moving on to the next target.  The UK Government has an excellent scheme called Cyber Essentials (https://www.cyberstreetwise.com/cyberessentials/ ). This scheme explains very clearly what these steps are and how to achieve them.  Here are some of the basic steps:

  • Change default passwords and delete unnecessary user accounts
  • Use strong passwords
  • Remove unnecessary firewall rules and services
  • Remove unnecessary software
  • Disable “auto-run” features
  • Use security protection software
  • Update and patch all software regularly.