By Andrew Thomas, Managing Director, Europe, CSID
When you mention cyber-crime, data breach or identity theft to a small business (SMB) owner what reaction would you expect to get? Disturbing results from a recent survey by the government’s Cyber Streetwise campaign found that two thirds (66%) of SMB owners do not consider their businesses to be vulnerable. Furthermore, three quarters (78%) of those surveyed believed in the common misconception that only companies that take payments online are at risk of cyber crime.
The government’s Information Security Breaches Survey recently debunked these misconceptions with some eye opening findings. Almost half of all UK SMBs had a serious security breach in 2014 with 8-15% of annual turnover lost in the worst security breaches. The survey revealed that the average cost of the worst security breach is between £65,000 and £115,000, and can even result in a business being out of action for up to ten days. Even more worrying is that 60% of small businesses are reported to fail within six months of being hacked. The worst data security incidents reported were caused by malware (31%) and attack or unauthorised access by outsiders (23%).
The 5.2 million SMBs in the UK account for 49.8% of the economy, a fact that truly quantifies the debilitating impact a data breach can have.
SMBs like the local hairdressers on a small high street make the perfect targets for criminals, largely because they don’t have the time or resources larger enterprises have to devote to cyber security. As John Allan, National Chairman of the Federation of Small Businesses (FSB) recently commented, “We know from our own research that in the future small businesses expect to become much more dependent on web based tools. We also know that, as firms’ reliance on tools like cloud computing increases, they also become more aware of the threats these services can pose.”
So what exactly can SMBs do to avoid data compromise? Realistically it boils down to awareness, education, monitoring and damage control.
Awareness - First and foremost, individuals who are interested in starting a business must be aware of security implications and costs when building a business plan. Security is typically not top of mind when an entrepreneur is ready to start a business. The security industry, government and entrepreneur start-up communities must work together to build awareness around new business security.
Education - As a business begins to expand, it is vital to educate employees on the importance of workplace security and choose vendors with superior security reputations. Businesses should build and enforce password, BYOD and social media policies from day one. The more well- educated the workforce is on the importance of security, the more likely they will be to employ better online habits at work as well as in their personal lives.
Monitoring - Take advantage of software solutions that can help monitor the security of your business. Anti-virus solutions can help protect against malicious malware and VPNs can help protect business data when conducting business outside of the company network. Businesses should also consider a monitoring service to keep track of your SMB’s overall health and mitigate the risk of breach. An SMB should monitor employee and customer credentials, its credit score and credit report to detect fraudulent activity.
Damage control - Be sure to have a breach preparedness plan. While a damage control plan may not reduce the cost of repairing the data breach, it certainly helps keep your customer relationships intact and reduces business reputation damage.