Although data breaches involving high-profile names are frequently reported, what goes largely unreported are the number of small and medium sized businesses (SMBs) targeted by cyber criminals.
Around 50 per cent of small and medium sized businesses in the UK will at some point experience a cyber security incident; whether this is a major breach, or something less serious, it’s highly likely that the activity will cause significant disruption to the organisation’s operations over a prolonged period of time. It is therefore essential that whilst you have adopted technology to transform your business operation, you should also invest in the necessary security measures in parallel.
Below we share our insights for essential cyber security strategies for small and medium sized businesses, so your organisation can grow and innovate in confidence.
Knowing the threat landscape
Understanding the threat landscape is often the first step in identifying the risks your business faces. A lack of awareness is often where the fault lies in many breaches, so knowledge is key.
Email is often the vector of choice for threat actors to use when seeking to gain initial access, with successful phishing attacks often having catastrophic consequences. Phishing is the process where criminals use scam emails, text messages, phone calls or other social media-based posts to trick victims into doing their bidding. This may involve making the individual visit a malicious website or click on a malicious link, that might download a virus onto the victim’s computer, or steal bank details or other personal information. Phishes almost always imitate real life websites, service logins or other legitimate facilities that you would either expect to receive email from or access as an organisation. Phishing emails will mimic common templates and often look legitimate.
Occasionally cyber criminals will spoof a business’s social media account or website; this enables them to post harmful content, spread false information and as is often seen to act as a platform for phishing. This can damage your organisation’s reputation and trustworthiness amongst your customers and followers. All of the above can contribute to a loss of followers and customers, disrupt your business operations and cause financial loss. It can also result in data leaks and security breaches.
It’s not always about technology, it’s about people too
Investing time in making your team aware of the cyber threats your business faces is a very simple way of enhancing your security, for very little cost. It removes some of the risk associated with the challenge of human error and the potential for social engineering used by cyber criminals.
Helpful resources and accreditations
If you lack a budget for security, immediate self-help can come in the form of resources provided by the UK National Cyber Security Centre which has put together really useful advice available on its website, aimed at meeting the security needs of small and medium sized businesses. In time you might consider attaining the UK Government sponsored Cyber Essentials or Cyber Essentials Plus certification; this scheme helps you guard against the most common cyber threats and demonstrates your organisation’s commitment to cyber security. Achieving this level of compliance will reassure your customers that you are working to secure yourself against cyber attacks – this may attract new business, and provides you with a clearer picture of your organisation’s cyber security posture.
We’re here to help
As a small or medium sized business, if cyber security is a concern and you’re not sure where to start please reach out to us – Redcentric has expertise on hand to advise and support the education of your workforce and implement the controls that will enhance your resilience and drive changes in security culture across your business.
