You saw the opportunity. You started your own business using technology as an enabler. You grew your company from a vague idea into a thriving enterprise. You know that cyber security is important, but you have more pressing demands on your time such as growing the business, identifying new markets, hiring new staff, and pitching to potential new clients while still ensuring you continue to delight your existing clients.
But beware: lack of action on cyber security puts your company at risk
Business owners often put cyber security lower down their priority list because, at some level, they believe or accept the following myths.
Myth #1: “We are too small to be of interest to hackers” – NOT TRUE
Hackers target small businesses precisely because they expect their defences won’t be as strong as they are in larger companies. This makes you a soft target for the experienced hacker.
In addition, hackers will often attack a small company in order to gain a foothold for an attack on a larger company – your customer – a so-called “supply-chain” attack. Imagine how the conversation would go if that happened with you and your most valuable customer.
Myth #2: “Attacks on SMEs are not that common” – NOT TRUE
A whopping 42% of micro/small businesses identified security breaches or attacks in the last year according to the 2018 Cyber Security Breach Survey. As you move up into medium sized companies that figure increases to 65%.
Myth #3: The impact of a cyber attack is not severe enough to warrant attention – NOT TRUE
In the USA, the National Cyber Security Alliance found that 60 percent of small companies went out of business within six months of a cyber attack.
For those companies that do survive, analysis by Deloitte suggests that many of the costs of a cyber attack are less visible than the immediate costs of the cleanup and can extend over many years.
These can include lost customers, reduced revenue, intellectual property entering the public domain, adverse publicity affecting the goodwill value of the business, or increased premiums or excesses on your insurance. Perhaps the worst impact of a cyber attack is that it can absorb the attention of the management team and distract them from the important work of growing the business.
OK – so where do you to start with cyber security?
The government is very keen to encourage the private sector (including the millions of small and micro businesses in the UK) to improve their cyber security. They have established the National Cyber Security Centre (NCSC) with a remit to provide support and guidance to public and private sector organisations of all sizes.
For smaller organisations, the NCSC recommends Cyber Essentials which is a simple but effective, Government-backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.
Cyber Essentials focuses on 5 key technical controls to reduce your cyber risk:
- Secure your Internet connection
- Secure your devices and software
- Control access to your data and services
- Protect from viruses and other malware
- Keep your devices and software up to date.
We can help you with Cyber Essentials including assistance to implement the recommended controls. We can also also handle the certification process so that you can appear on the public register of certified organisations.