When an international company or a national institution becomes the victim of a cyber attack, the world sits up and takes notice. Few of us, for example, could have failed to hear or read about the WannaCry cyber attack earlier this year. Reporting of these attacks has a tendency to lead us into thinking cyber crime only affects high profile multinationals - but the reality on the ground could hardly be more different. Much like the technology it targets, cyber crime is constantly changing and evolving. The government will invest £1.9 billion in cyber security over the next five years to significantly transform the UK's cyber security and make the UK the safest place to live and do business online, but we all still need to do more when it comes to cyber security.
Research conducted by the Department for Digital, Culture, Media & Sport highlighted that senior managers in three quarters of small businesses (73%) say cyber security is a high priority with nearly half (45%) of all small businesses having identified a cyber security breach or attack in the last year.
And this concern is starting to be reflected in investment in protection, with UK SMEs planning to boost their spending on firewalls, software and other defences from £2.9 billion to £3.8 billion over the next 12 months.
Yet, in spite of these signs of increased awareness and action, there is evidence that a significant number of SMEs still think that cyber crime is unlikely to impact them.
This latest research from the Department for Digital, Culture, Media & Sport further highlights that small businesses are less likely than medium or large firms to have cyber security measures in place. Only 32% have formal cyber security policies in place, compared to 61% of large firms. And when it comes to cyber security training for staff, a mere 19% of smaller firms have this, compared to 47% of their larger counterparts. When asked why, it's because they perceive themselves as being too small or insignificant (38%) to become a victim. However, nearly half (45%) of small firms reported a cyber security breach or attack in the past year.
This is a concern to National Chairman of the Federation of Small Businesses (FSB) Mike Cherry: "Cyber crime is one of the fastest growing risks to small businesses, and one of the fastest growing areas of crime globally," he says. "In the UK, we estimate small firms are hit by seven million attacks a year, costing the economy more than £5 billion.
"For
a small business, with less time and resources, a cyber attack can have
devastating consequences. Our research found that cyber attacks, over a two
year period, cost small business victims nearly £3,000 on average, each
typically taking more than two days to recover from. As the risks grow, it's
more important than ever that small businesses take steps to prevent themselves
from the threat of cyber crime."
The good news is that there are some simple, proactive steps, which you can take to get good, basic security measures in place and significantly reduce the risk your business faces.
Firstly, be sure you and any employees always install the latest software and app updates - they contain vital security upgrades which help protect your devices from viruses and hackers.
Security updates are designed to fix weaknesses in software and apps which could be used by hackers to attack your device. So, installing them as soon as possible helps to keep your devices secure. You and your staff can choose to install these at night when not at work, or you can set your mobile or tablet to automatically update your apps when you are connected to Wi-Fi and an update is available. You can also set laptops and desktops to automatically install software updates when an update is available.
It's also important you and any employees use a strong, separate password for your email account. Hackers can use your email to access many of your personal and work accounts, by asking for you password to be reset, and find out personal information, such as your bank details, address or date of birth, leaving you vulnerable to identity theft or fraud.
Having strong, separate passwords for your most important accounts means that if hackers steal your password for one of your less important accounts, they can't use it to access your email account.
A good way to create a strong memorable password is to use three random words which are memorable to you, but not easy for other people to guess. Avoid using words and numbers that can be easily worked out, such as children's names and dates of birth and be aware that hackers know many of the simple substitutions we use, so using ‘Pa55word!' isn't an option.
Screen locks are also strongly recommended as a simple way to add a first layer of security to your phone, tablet or computer, while regularly backing up your data gives you a duplicate copy of photos or key documents in the event you are infected by a virus or your device data is damaged or deleted. Just don't use ‘1,2,3,4' or an ‘L' shaped pattern.
If you're out and about on work trips, don't use public Wi-Fi to transfer sensitive information such as card details. Hackers can set-up fake Wi-Fi hotspots, which might enable them to intercept sensitive information you are transferring online.
If you want to be really secure, Cyber Essentials is a government backed and industry-supported ‘standard', which protects businesses against the most common online threats. It sets out five controls which will significantly reduce businesses' vulnerability to cyber crime, and is suitable for organisations of all sizes, in all sectors. Not only will your business be more secure as a result, you will be able to display a badge demonstrating you adhere to a government-endorsed standard, giving you a distinct edge over competitors. Cyber Essentials certification is already mandatory for many government contracts and many large firms are now looking to require the same of their suppliers.
This article is part of the Cyber Aware cross-government awareness and behaviour change campaign delivered by the Home Office alongside the National Cyber Security Centre