Think systems and data breaches only affect the big players like eBay and Target? Think again. Whether it’s hackers accessing your system and demanding compensation to restore it via programs such as ransomware, or specific interest groups releasing (or threatening to release) private and consumer data, such as identifying information and credit card details, the threats are real, and they are everywhere. But they can be avoided.
In 2013, an estimated 740 million online records were exposed; 89% of those breaches were avoidable.
Why SMEs need to care about IT security
Along with everything else to focus on, cyber security might not seem like something a small business needs to spend much time and money on. After all, why would anyone want to hack into a small family business’ infrastructure?
But if you think your growing business isn’t at risk, you’re missing the point somewhat. It’s not about how big your company is, it’s about how easily someone can access the infrastructure and what they can do with the data – credit card information is useful to hackers and thieves no matter what type of business you run.
Sixty per cent of targeted online attacks affect SMEs.
Think of it this way…
If your business were a brick and mortar shop on the high street and you left all the doors and windows open every night with a cash register full of money, while the shop next door stored its money away in a safe at night, locked everything up and had an alarm, which shop do you think a thief would target first?
It doesn’t matter what your business does or sells, it matters how easily it can be infiltrated.
What are the risks of data and security breaches?
The numerous high-profile examples we have seen in recent months often focus on the immediate impact of a breach (consumer data loss), but this is only part of the story. Consider these very real and often long-term risks:
- Reputational risk – a lack of credibility within the consumer market. If you can’t keep your customers’ data safe, they will take their business elsewhere.
- Financial loss – an initial fall in sales, a slump in stock value and paying a ransom or fines can hit a small business hard. If your company handles credit card transactions, you also need to be PCI DSS compliant, or face hefty fines if data is leaked.
- Instability of the executive board – in larger organisations, it’s often the CEO who is forced to stand down in such circumstances, but the senior management team is also at risk.
- Unattractive place to work – if the situation is really bad, you might also lose trust internally and employees may not want to be associated with your organisation.
What makes IT security challenging for SMEs?
Often, SMEs will not consider IT security a high priority, and with good reason. It can be expensive (both to invest in initially and to maintain) and time-consuming when resources are already stretched. But the real question SMEs need to answer is: can you afford not to be safe?
Additionally, a lack of understanding or expertise can also cause challenges for smaller organisations that might not have the luxury of a large team of IT and cyber security specialists dedicated to reviewing and improving their systems. It’s never been easier for companies to be agile, with many small businesses cutting costs by implementing a BYOD (Bring Your Own Device) strategy for employees, but with this, the security risks also increase substantially.
How can SMEs avoid cyber threats?
Unfortunately, there is no magic solution, and it’s a sign of the current business world that, at some point, those threats will become reality. But there are some affordable measures that can be put in place:
- Educate employees on steps they can take to protect data – creating strong passwords, avoiding dubious email attachments, locking computer screens and not sharing access codes are all simple to implement.
- Establish a BYOD security strategy – if you allow employees to use their own devices, put an easy-to-follow security plan in place that includes the types of suitable devices they can use, your expectations of their usage and how to report any issues.
- Maintain anti-virus software – ensure all current computers have up-to-date firewall protection and anti-malware. These are affordable and easy-to-install software packages.
- Implement a hardware inventory – set up a register of all devices and ensure old items are disposed of appropriately and all data removed.
- Make it everyone’s responsibility – introduce the topic at staff meetings and ask for everyone’s input and suggestions on how your business can be safer.
Cyber threats are a part of doing business in today’s world, and they are a real risk to organisations of all sizes. But, with some simple steps, you can equip yourself to mitigate the risks.
Note: This story has also been adapted for publication in Steemit.