SMEs, Time to Wake Up from Your Cyber Hibernation
‘This won’t happen to us!…Who wants to hack us?…Why? We are nobody!’ That is what most small and medium business owners and managers have believed for the past 15 years. Until a few years ago, I would have reluctantly agreed with them, from a business point of view. But not anymore.
The landscape of cyber risks and threats has been changing rapidly over the past couple of years. Cyber criminals are increasingly targeting small and medium businesses. Almost 80% of small and medium businesses in the UK have been compromised or breached since 2014, according to the UK Department of Business and Innovation. The average cost to recover doubled last year from its previous figure and is reaching an average of £75,000 to £355,000. These are surprisingly high and worrying numbers for a nation in which SMEs represent more than 90% of the business sector and add an average of 48% to the economy.
This increase in cyber risks and threats to small businesses is no one’s fault but their own. Cyber criminals prey on SMEs knowing that they have weak cyber defences due to a lack of financial and human resources. Sometimes cyber criminals use them as a channel to a bigger prize, when the SMEs are contracted to larger businesses whose cyber defences are harder to penetrate in a short span of time.
SMEs need to accept and understand the rise and severity of cyber risks and threats. This is becoming a more pressing matter for small and medium business management in the next 18 months. Otherwise, they will face fines of €20 million or 4% of their annual turnover if they do not comply with the European Union Data Protection Regulation and cyber security law. Reading the regulations and standards documents will most probably put business owners and managers off, both because of their complexity, thanks to their contracted nouns and legal jargon, and because of the perception that the compliance process incurs high costs. The complexity issue is true to an extent, but the cost part is more myth than reality. Small and medium businesses can shed the cost by adopting and implementing a few simple steps that help reduce their cyber risks and threats, such as:
- Strengthen users’ passwords: Businesses can increase the complexity of their users’ passwords. For example, avoid using default passwords for systems and applications, change user passwords every three months and make user passwords more complex by using two or three random words together with numbers and special characters.
- Improve the protection of business devices: Installing antivirus and anti-malware software across the business’s computers, laptops and smartphones can reduce the risk of virus and malware infections. Keeping this software up to date with vendor updates plays a crucial role in reducing these risks.
- Keep the business’s digital systems up to date: Businesses need to keep all their systems, applications and software patched with the latest updates the vendors offer. This is important, as most of them include security updates and enhancements that will keep your systems running efficiently.