Is it time to get serious about security?
I read with horror a recent news report that claimed 8 out of 10 small business owners believe they’re not at risk from cyber security threats. In stark contrast, 74% of larger UK businesses are putting internet security at the top of their agenda.
So why are small businesses so blasé? In my experience of working with UK SMEs there are three schools of thought regarding cyber crime and threats:
- “I’m a small business – my data is of no worth to anyone, it’s all media hype”
Probably quite correct – most of the data you store is worthless to anyone but your closest competitor. Your systems, however, are worth a lot. Cyber criminals aren’t hacking in to businesses to steal their data, they want to use your server and your internet connection to attack their real target, making them far less traceable. If your systems are used as part of a large scale attack, you can be implicated if you haven’t taken adequate steps to secure your network.
- “I already pay out for antivirus, the rest is just a ploy to make me spend more money”
This is like saying you have smoke detectors at home so why do you need an intruder alarm? Ok, a bit of a poor analogy, but antivirus protects against rogue programmes, it doesn’t secure your network against intruders. To prove the point, EU legislation is being introduced in 2015 at last, to force certain industries (financial services, charities to begin with) to take security seriously.
- “I’ll take my chances, if I bowed to every scare tactic I’d have no time to run my business”
Unfortunately this isn’t uncommon in small businesses and there’s no point getting wound up by it. The trick is to educate – the media continues to report on cyber crime and how it is the biggest terrorist threat of our generation. IT Support providers must find a way of educating their clients without being pushy, focussing on the risks not the sale. Business owners need to open their ears and listen.
A few articles that might be of interest if you’re a small business owner who’s unsure whether internet security affects them:
Small businesses convinced they won’t be cyber attack targets have ‘heads in the sand – Computing (Jul 2014)
Warning that UK’s 4m small businesses have heads in the sand about growing threat of £20bn cyber fraud – This is Money (Jul 2014)
UK micro businesses unprepared for data breaches, study shows – Computer Weekly (Jul 2014)
Unfortunately for small businesses, this really is something that you need to start thinking about.
So what steps can you take to make sure you’re safe and secure?
- AVG Free is NOT right for your business, no matter how free it is. Businesses should be using business-grade antivirus. Some of the well known products (I’m looking at you, Norton 360) have a huge impact on computer performance so are often viewed as a pain. Not all business antivirus suites have this huge footprint, and I personally rave about ESET.
- Consider using file or disc encryption. This ensures that if your data is stolen or lost, nobody can access it without the relevant encryption key. This can usually be purchased in the same way as antivirus software and needn’t cost the earth. Consider DesLock – I love the product and we swear by it at Systemagic.
- If your laptops or devices are often out on the move, 2-bit authentication is now easily implemented into even the smallest business. You know those key-fob things that you sometimes get with Internet banking? That’s 2-bit authentication – you must supply a pass-code to accompany your normal password to let you log in. Fear not though, you don’t need a clunky key-fob anymore – the latest 2-bit auth systems use mobile apps or even deliver your code by text message.
- Maintenance is key – ensure all your systems are protected against threats by ensuring they are up to date with the latest software patches, updates and service packs. If you run a server and network then your IT provider should be doing this for you. These updates might be a pain in the neck but they wouldn’t be sent out unless they needed to be.
- Your firewall is also key – you should have a business-grade firewall that creates a barrier between your network and the internet. This might not stop the most clever cyber criminals but it will slow them down, and will stop the bedroom hackers.
It’s a sorry state of affairs that in a world where the internet puts the world at our fingertips we have to take so many steps to protect our businesses. It’s frightening that 8 out of 10 SMEs are ignoring this stuff but perhaps that hands a competitive edge to those who don’t
Back to our blog