(Posted on behalf of Sam Jones Cyber Essentials Consultant - Cyber Tec security)
 
 

"We're a tiny company, why would anyone want our data? It's not like we're making tens of millions in profit"

Unfortunately, I'm familiar with this mindset.

It was only once I got rid of this mindset that I was finally able to give the cyber threat the respect it deserved.

The thing is, the longer we pretend it doesn't exist, the easier it becomes for cyber criminals to make our businesses targets.

Essentially, it's like heading out to work and leaving your front door wide open all day on purpose.

For the sake of your business, here's the mindset you need to adopt instead.

"My business will be breached"

And yes, you did read that correctly.

The cyber threat is a lot bigger than you think...

There is absolutely no doubt in my mind that you will get breached in the future.

With around 32% of businesses in the United Kingdom being breached between April 2018 and April 2019, it's possible that you'll be part of the statistics.

The CEO of the National Cyber Security Centre (NCSC) wholeheartedly agrees.

He's already said, it's a matter of when not if your business will be breached.

It's now a question of whether you're prepared for the inevitable.

Think about it for a second,

You use technology every single day, your team uses technology every single day. You rely on it to make sure your business can function.

The amount of information, personal and sensitive data that you're risking by not utilising cyber security means you're putting your entire business at risk.

Sure, the business will come to a standstill and you'll have wasted your team's time but you'll feel the impact in a much worse way.

In fact, it won't only be you that feels this impact.

The people you don't want to upset, the people you want to keep as happy as possible, will be livid when they realised you've been breached.

Of course, I'm talking about your clients.

Your clients are right to expect their data to be in safe hands and the businesses who look to avoid cyber security will ultimately have less business in the future.

iC9zNNguWto9D-xDhwUKvOwzF3V4b3Gh1X-wLyDYKnkmVgOalpdpbKNjHE2brwnbi3wlOA2hqgpWjdmHa4GoHzZm7WcIkbs3NG_BNJpvwmUpOMNXpUzY0um6LqtYhRB_3BaNgdAyFleko72rw_4zFjowcxE0tT_H1mH9FBHkBaldR5-KVUwART1bpGAsFIVHARMsXTSbkFUXLro5XnGu1PIt5pZS688eJUE1lrS60X6ucwoVRECVyylWO8xea90FPavOSUZ3FQ3NY8sX8yOsTuXZ_4jhRkLpbO-sRapzSHtKJPJOpbP1HXIK8Crvb2PNdIdBnuuLQGnLp2T-GFFEA3-YdnJfB48VdnqVG0w=s0-d-e1-ft#%3Ca%20href=

You can't afford to ignore cyber security

Even as an SME, your business still needs to utilise cyber security otherwise the consequences can be catastrophic.

1) Imagine being fined 4% of your turnover because you didn't have any cybersecurity in place after being found to be breach GDPR.

Ask yourself, would your business survive if it lost 4% of its turnover?

I do hope the answer was yes because most small businesses wouldn't.

2) Your organisation will be put on pause.

Just recently in November 2019, a French hospital which experienced a cyber-attack were incredibly delayed in providing crucial, emergency medical care.

If they had the foundations in place and had documented processes and policies for their staff to follow long before they had their attack, they would haven't have had to resort to using a pen and paper to file life-threatening information.

3) The damage to your reputation is, in some cases, is defining.

As I've said earlier, your clients are everything for your business.

When you're breached, you have to notify ALL of your clients within 72 hours about the breach.

If your clients then hear that you didn't have anything in place to protect their data, all that trust you've spent years building, will be gone.

They won't want to do business with you, they'll just find a competitor who cares about compliance and cyber security.

In fact, most businesses nowadays need you to have the certification in order to work with them so they can ensure their supply chain is secure.

Now you know you can't ignore cyber security, what do you do?

Do this right now...

Contrary to popular belief, you don't need an £100,000 investment or a team of cyber security specialists to take care of your business' cyber security.

You don't need to be Mr.Technical to be able to improve your cyber security either. Anyone (Yes, even you) can do this.

So here's what you can do right now, this very moment, to make you safer.

1) Develop a strong password policy.

Whilst it's important to look into building a detailed information security policy in the future, right now, you could set out a few password rules for your staff which would make your company far less susceptible to being breached.

I recommend:

  • Using 12 Characters minimum
  • Including numbers, symbols, capital letters, and lower-caseletters: Use a mix of different types of characters to make the password harder to crack.
  • Staying away from obvious dictionary words and combinations of dictionary words. E.g. (Red House)
  • Not using common substitutions for example, “H0use” isn’t strong just because you’ve replaced an 'o' with a '0'

2) Encrypt your confidential data

People hear the word "encrypt" and run because it's a technical term. In truth, it's quite simple.

Encryption simply means hiding your data and it provides another hurdle for cyber criminals.

I first learned about encryption in this beginner's guide to encryption so feel free to check it out, it's truly insightful.

3) Be selective with access

It's really important that only assess the permissions of your staff. Does your brand new intern have access to the confidential, C-level data?

Once you sort out the permissions, you'll reduce the risk of social engineering. This means if a hacker breaches your brand new intern, they won't be able to access the highly sought after information.

4) Update your software

When you refuse to update your software, you allow the holes in software to remain on your systems. There are brand new patches, fixing security holes, every single day.

Make sure you:

  • Turn on Automatic Updates for your operating system. (iOS, Windows, Android etc)
  • Use web browsers such as Chrome or Firefox that receive frequent, automatic security updates.
  • Update browser plug-ins (Flash, Java, etc.)

E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform