25/07/2014

By Simon McCalla, CTO, Help Nominet


This year is already stacking up to be a seminal year in cyber security. We’re just over halfway through 2014 and we’ve already seen multiple stories highlighting the issue. Earlier this month, the hacking group Dragonfly attacked EU and North American energy firms, in particular energy grid operators and industrial equipment providers. Also, back in May, eBay revealed that a hacker had compromised the data of around 145 million customers, resulting in the company asking its customers to reset their passwords.

However, cyber security is not just an issue for larger businesses. According to the Department for Business Innovation and Skills (BIS), small businesses are now experiencing cyber security incidents only seen previously in larger organisations. In fact, according to their research, 87% of small businesses had a security breach in the last year, which is up from 76% the year before.

Our own research bears this out; we recently surveyed small businesses with fewer than 50 employees and found this demographic increasingly under threat. Out of the 400 small businesses surveyed, 77% had been a victim of a cyber-attack in the last month, with one in five losing money as a result. Over a third of cyber security incidents were classed as serious — involving either the business’ website being hacked, high levels of malicious spam or a loss of customer data.

This is undeniably a serious problem for small businesses, who generally have far fewer technical resources and far less time and funding than their larger rivals. As a result, cyber issues are often resolved without the help of specialist expertise. In almost half (45%) of cases, cyber issues are addressed by the business owner, a personal friend or another non-technical member of staff. Without proper training or knowledge, taking this approach risks prolonging the problem or making it worse — both of which lead to downtime and lost revenue they simply cannot afford.

To help tackle this issue, businesses first need to carry out a few basic tasks to protect themselves. Here are some suggestions:

Stay up to date - read the business pages and keep abreast of the current news regarding cyber security risks. By doing this you will at least be aware of current trends and the ways in which hackers are scamming businesses. Stay up to date by checking online safety sites like Knowthenet or CyberStreet.

Educate your staff - everyone can play their part in protecting your business. Every employee needs to understand the value of being cyber aware and know to report suspicious emails to everyone on the team. Strong passwords that include numbers and letters are essential, and remember that the longer the password, the harder it is to crack. It is just as important to monitor memory sticks and other plug-in devices, as these may hold company information.

Know the risks of BYOD — The bring-in-your-own-device trend, where employees use their own devices in the workplace, offers many benefits, such as cost savings. However, allowing BYOD will make it much harder to keep control of the flow of information within a business. You will need to ensure staff stick to official company policies and disconnect them immediately when they leave.

Update your software — As a small business, you will hold valuable information on customers, your business’ finances and details on partners. Hackers will therefore try to find holes in your security software and unpatched web servers and operating systems. Make sure you always update your security software and install desktop updates when prompted, as these will patch security holes.

Do not assume people are who they say — Not all attacks will be through your IT systems. A business may also be targeted by hackers pretending to be delivery men, or receive phone calls purporting to be from IT suppliers. Don’t give away any information that could be used against you and encourage staff to stay vigilant.

However, while these basic steps will help to protect a business from cyber-attack, many smaller businesses are short on the time and resources to implement them. The complex, ever-changing nature of cyber security threats, and the fact that software solutions are expensive and aimed at larger businesses, mean that smaller businesses can be overwhelmed by the task.

We’ve been looking at this issue in detail, and think that there’s a real need for a dedicated, appropriate cyber security service to serve Britain’s small businesses. We want to find out what problems small businesses are facing, and how best they could be supported in this area — so we have started a pilot for a potential service called Cyber Assist. This aims to help smaller companies arm themselves with the knowledge, tools and expertise needed in the fight against cybercrime. During the pilot, we will give small businesses free access to easy-to-understand advice on protecting their business, help with identifying cyber problems and support to fix them. We need small businesses from across the UK who are interested in this area, or have had major cyber headaches in the past, to help us shape the service and make it the best it can be. So if you’re interested in getting involved in the pilot this summer, please click here to find out more details and register to take part.

With companies becoming increasingly reliant on the internet for business, customer awareness and transactions, being cyber aware is now just part of being in business. How many are confident that they’ve done enough?