CYBERSECURITY AND SMALL FIRMS
With the growth of the internet, increased use of social media and faster broadband speeds around the UK, most small firms now undertake an increasing amount of their business online whether it is to sell their goods or services, find new markets or undertake financial transactions with suppliers and customers.
Unfortunately, many small firms think that cyber security is something that will never be an issue for them and that it is large firms that are the target of electronic criminals. However, as the UK Government's 2018 Cyber Security Breaches Survey shows whilst the directors or senior management in three-quarters (74%) of small businesses say that cyber security is a high priority, only 26 per cent have formal cyber security policies and only 19 per cent have any cyber security training.
As a result, two in five small businesses (42%) identified at least one breach or attack in the last 12 months, which is no lower than in the 2017 survey. In almost one-fifth (17%) of cases, it took these businesses a day or more to recover from the breach.
Whilst there can never be a guarantee that an organisation cannot be hacked although the UK Government has recommended a few simple techniques can at least help to protect the business from all but the most determined hacker.
First of all, employees should download software and app updates as soon as they appear as most of these contain vital security upgrades that keep devices and information safe.
Secondly, there should be a policy of using strong passwords made up lower and uppercase letters, numbers and symbols to protect systems from being entered. Despite this advice, more than 50 per cent of people use the World’s top 25 most common passwords with almost one in five incredibly having "123456" as their protective code.
Thirdly, any suspicious emails should be deleted immediately as they may contain fraudulent requests for information or links to viruses. Most security breaches are initiated via malicious emails and businesses should prioritise how they're protecting themselves. At the very least, installing anti-virus software on all devices can prevent infection which can result in loss of trade.
Finally, whilst the responsibility for security lies with the owner manager of the business, it is important that all stakeholders are be made aware of cyber security threats and how to deal with them. This includes not only staff but also customers and suppliers (although only 13 per cent of businesses surveyed recently by the UK Government had required suppliers to adhere to specific cyber security good practice).
Given that attacks on businesses are increasing, this whole issue of cybersecurity is being taken seriously by the UK Government and it has already introduced the Cyber Essentials scheme, supported by industry, which helps firms to develop a basic level of protection against cyber-threats.
These include building firewalls to prevent unauthorised access to or from private networks, configuration of systems to ensure security, ensuring appropriate access by staff to the firm’s systems, up-to-date virus protection, and using the latest supported version of software and applications.
More importantly, this process will help companies to begin identifying areas for cybersecurity improvement in the future and demonstrate to customers that they take this issue seriously.
Businesses would never leave their premises open at all hours without anyone there or their cash in the tills overnight yet in a world where more and more business is being done online, the importance of protecting your business from electronic thieves seems to be something that many firms still need to address properly.
Certainly, an attitude by senior managers of “it won’t happen to me” is not acceptable in a world where cybersecurity is becoming one of the key concerns for all firms operating online and it is critical that businesses in Wales, both large and small, should prioritise not only the technical solutions to this vital issue but also in terms of educating both staff, suppliers and customers on the role they can play in safeguarding the company.