Why small businesses should care about cyber security

From an article By Ben Rose August 2016

After witnessing the fall-out of high profile data breaches, such as Ashley Madison, British Airways and Talk Talk, the issue has been brought to the forefront of the world's attention. And while it might be the big brands that hit the headlines, it isn't just large organisations who are targets of these kinds of attacks.

There was a time small businesses were at a lower risk, with most of their data held on their premises and with security gateways firmly controlled. But things have now changed, with the introduction of cloud services along with increasingly sophisticated cyber criminals and malware, meaning no one is safe.

So what exactly makes you a target?

You're too busy and hackers know it

Running a small business can be stressful. With long days and sleepless nights, who has time to think about data security? Let's face it, you have a lot on your plate and you haven't spent much time making sure you're protected.

No legal team

Unlike large organisations who have the budget to hire an entire law and compliance department, you probably don't have any dedicated legal expertise internally. As a result, you may be overlooking your responsibilities around handling data.

Your data grows with you

It can be easy to lose track of the amount of data you've generated over time. Your customer database may have been small in the early stages but before you know it, you've met over a thousand potential clients and your CRM is full to capacity.

Leaky internet

Chances are you have freelancers or remote workers accessing your systems from a local coffee shop or a co-working space. If that's the case and there's no secure Wi-Fi connection, hackers can easily steal your data.

Your data is an entry point to the big guys

It's a common misconception that hackers won't be interested in attacking a business with little money or data. And while they probably don't care about the £80 order you took yesterday, your unprotected systems could give them a 'back door' into larger clients or suppliers, which is exactly what they're after.

Every website is a target

Hackers have a lot of time on their hands to spend trawling the internet in search of websites with vulnerabilities. If your VPS (Virtual Private Server) is compromised it can be used to fire out thousands of spam email, potentially blacklisting your IP address and costing thousands to repair.

What next?

Now you understand how and why you may be vulnerable, it's time to be proactive and take the appropriate measures to protect your business.

• Install security software on your company website and keep all its scripts up to date
• Clear your cookies on a regular basis
• Educate employees on the value of cyber security and the importance of reporting anything suspicious
• Encrypt your smartphone
• Use a different password for each site that you use, using a password manager to maximise security
• Get a virtual private network that can protect multiple devices
• Avoid clicking links found in suspicious emails, even from business contacts
• Ensure employees aren't accessing sensitive data whilst connected to public Wi-Fi networks.
• Never save passwords and credit card details in your browser
• And last but definitely not least, have cyber insurance cover in place

Unfortunately, even with these prevention methods, you are never completely safe and all businesses, large and small, must now accept that cyber-attacks are inevitable. A data breach can cause extreme financial and reputational damage, that could even be the downfall of a start-up or small business.

The Information Commissioner's Office can impose a penalty of up to £500,000 if your business fails to comply with the Data Protection Act and, from the consumer perspective, data breach incidents are also a violation of their trust and privacy.

It's only a matter of time before you're a target, so be prepared.

Source of article