Is your business at threat from cyber-criminals?
What we learned at the Yorkshire and Humber Cyber Protect Conference
In today’s digital age it can feel almost impossible to safeguard your business against cyber risk. It’s clear how quickly the security landscape is evolving, with the onset of new threats and the often disastrous impact on affected businesses. Yet what’s also apparent is a growing range of tools to fight back against these threats.
But how do business owners understand the cyber threat in layman’s terms? And how do they distinguish between genuine advice and scaremongering based on fear, uncertainty and doubt?
We attended the inaugural Yorkshire and Humber Cyber Protect Conference last month to find out how the security landscape is shifting and how local businesses can better understand the threats they’re likely to face. There were some fascinating observations.
The Internet: a new channel for crime?
The internet is now at the centre of our lives; from bedroom to boardroom, we’re always connected. Part and parcel is the migration of crime to the digital network.
While the media typically classifies ‘cyber’ as a new area of crime, it could be argued it’s the same activity simply executed using new (cyber) channels. In fact, the perpetrator of a cyberattack – whether a professional thief, criminal gang or competitor – is often motivated by the same goals as a ‘traditional’ criminal, i.e. monetary gain.
To protect themselves from these criminals business owners must learn how to protect the virtual ‘doors’ into their business. Wherever we’re connected – to the internet, to suppliers, to employees – it’s imperative we understand how we’re exposed and how to protect our assets. This need not be daunting. It’s a simple auditing task, as if you were identifying the windows and doors you must keep locked at your premises.
But it’s important that you take this basic step sooner rather than later. The Office for National Statistics (ONS) is now tracking cyber crime quarterly and reports that at least 50 per cent of all crime is now committed online. This means your business as likely to fall victim to crime through the virtual channels as the physical ones.
SMBs are disproportionately at risk
Worryingly, the risk to SMBs from cyber crime is disproportionately high.
Indeed, guest speaker Matt Callaghan – a London-based US Secret Service agent– estimated that 40 per cent of attacks are against businesses with fewer than 500 employees. Likewise, Graham Mace of the National Fraud Intelligence Bureau also reported that of the 1,300 daily calls to Action Fraud, most are from small businesses.
This can be a point of confusion for small-business owners who often, mistakenly think – “why would I be a target? What can I offer a cyber-criminal?”
In a nutshell, every business has something worth stealing or it wouldn’t be a going concern. Add to this that it’s arguably easier to steal £1 from a million SMBs than £1m from a large organisation. And finally, it’s estimated that four in five small businesses have no online safety training in place, which makes the SMB market a significantly easier target.
Keeping the business safe: who’s responsible?
With this in mind, we need to find ways to keep small businesses safer online.
But doing so is not solely an IT responsibility. Your business won’t be kept safe unless everyone is on board – from reception staff and cleaners, to owners and directors. Most businesses don’t set up as experts in tech, but every business owner must take responsibility.
The best way to approach online security is to see cyber crime as a business risk not an IT risk. Framing the task in this way will help even the least technically-minded business owner to start building their defence. After all, the criminals are after your money, valuables, assets, data, intellectual property, reputation – so simply start by thinking about what you can’t afford to lose.
Yes, you will need to protect your network – i.e. your internet connection – with physical IT equipment, but this is only the starting point. It’s equally critical to build a ‘human firewall’, a culture of vigilance when operating online. This means keeping passwords protected, being careful when transacting online and being generally aware.
Working together to help businesses
This may all sound daunting but remember, you are not alone. Yes, while it’s ultimately down to each individual business to sort their virtual defence plan, law enforcement is working in partnership to help tackle the bigger threat. They’ve acknowledged its complexity and the need for public and private sector organisations to work together.
As part of this, there are increasing resources in place to support businesses who fall victim. The Action Fraud helpline – where all UK cyber crime should be reported – has an army of highly-trained staff ready to take calls 24/7.
Similarly, private sector organisations are pledging their support with free workshops and online resources to help businesses get clued-up and be safe online.
The key message is not to be shy in sharing. It’s imperative every cyber crime is reported because often incidents aren’t isolated. When reported, the police can identify links to similar attacks and identify the bigger criminal networks responsible, which in turn reduces the overall threat to SMBs.
What can you change today at your business?
You can start protecting your business today by taking a few simple steps.
- Practice good file management and data protection
- Protect your network with a unified threat management (UTM) or firewall device – contact your ISP or IT advisor
- Create an incident handling guide for whenever a cyber-attack might occur
- Conduct quarterly reviews on your defences and people
- Manage user privileges – who needs to have access to what?
- Be careful when you or your staff use removable media such as USB storage devices
- Educate your home and mobile workers on the dangers of public Wi-Fi
- Build a regular programme of user education and awareness – even if it’s just for you!
Build your knowledge
There's a wealth of free resources to help businesses just like yours protect their virtual channels.
- The Humber Business Resilience Forum
- National cyber security centre
- Financial fraud action
- Get safe online
- CISP (Cyber Security Information Sharing Partnership)
Find out more
We're happy to help any business understand and protect against the growing cyber security threat. Find out more about our cyber security solutions below, download our free infographic, call us on 01482 337733 or email firstname.lastname@example.org.Cyber security solutions for SMBs Security Infographic