Why small businesses need to increase their cybersecurity as they grow
Making sure you have your devices, data and systems protected from cyber-attacks should be a crucial part of your business’ resilience strategy.
Why you need to think about cybersecurity
22% of Businesses and 32% of Charities have already had a cyber incident, which has cost them on average between £5k to £22k either to resolve the issue or in lost revenue or ransom. (NCSC – National Cyber Security Centre)
Every business nowadays relies on digital technology to function and make a profit. A cyberattack where your laptops stop working or you lose your customers’ data or you are denied access to your financial systems could be the difference between breaking even or not.
Alternatively, if you have had the good fortune of prospering during Covid because you supply services or products in demand, you wouldn’t want your success to be jeopardised by cybercriminals.
As an example, by clicking on a malicious email link, you or a colleague could accidentally download ransomware: criminal software designed to lock victims out of their devices in exchange for money. Such an incident would no doubt be stressful, costly and even damaging to your reputation. The effects could significantly halt your growth plan.
During the pandemic, it is more important than ever to be vigilant. Government bodies including the National Cyber Security Centre (NCSC) have reported an all-time high in online scams. At the same time, teams working from home may not have the security features or awareness they need to avoid them.
What you can do to protect your business?
Our director, Stuart McFarlane-Bedford, recently attended a conference with the National Cyber Security Centre to talk about how best to advise businesses and here are some of the key points.
- Technology – Is not to blame!
It is not just about the technology that the business uses, but how it uses it and who uses it.
It is a partnership between People, Processes and Technology which will create cyber resilience to attacks and improve your cyber security capacity.
People – Need to be given training and be cyber aware
Processes – Need to be have a secure access process, which is understood by the users
Technology – Devices need to be updated with the latest software patches immediately
- People – Cyber Awareness Training
The NCSC has produced a new e-learning training package- “ Stay Safe Online”
The training is primarily aimed at SMEs, charities, and the voluntary sector, but can be applied to any organisation, regardless of size or sector. It’s been deliberately designed for a non-technical audience (who may have little or no knowledge of cyber security), with tips that complement any existing policies and procedures.
It is totally free, easy-to-use and takes less than 30 minutes to complete. The training introduces why cyber security is important and how attacks happen, and then covers four key areas:
- defending yourself against phishing
- using strong passwords
- securing your devices
- reporting incidents (‘if in doubt, call it out’)
Employers can ask their employees to participate in this online training programme – there is no need to book, just watch and learn, at any time.
- Processes – Helping Businesses
The NCSC has just relaunched their Small Business Guide with a wealth of newly updated free cyber security resources.
Sometimes it can be difficult to know where to get started with cybersecurity as a small business owner. The NCSC’s guide usefully breaks down 5 steps to strengthen your company’s strategy. Starting with backing up data, they walk you through what all the jargon means and suggest simple actions that you can take straight away.
You can access the small business guide for free here: https://www.ncsc.gov.uk/collection/small-business-guide
If you would like more information about cybersecurity, please email us at firstname.lastname@example.org and we can put you in touch with one of our associates for one to one guidance.