As we read these news stories about global businesses being targeted by cyber-criminals, but is this a concern for SMEs?
As cyber protection is offered as standard on most hardware and software, do we need to invest in additional IT security?
In this article, we aim to help you to answer that question by investigating:
- The risk: How frequent are cyber-attacks on UK SMEs?
- The impact: What are the costs when IT systems are compromised?
- Flexible working: The effect of remote working on IT security
- Insight: The value of understanding strengths and vulnerabilities in your IT infrastructure
Before we continue, how reliant is your business on technology? Could operations and communication continue if your IT systems were compromised and data was lost?
How frequent are cyber-attacks on UK SMEs?
No business has immunity from cyber-attack. We all hold data and intellectual property and that makes us a potential target. If you think that you are too small to be of interest, think again; any security weakness offers an opportunity for exploitation.
“Every organisation is a potential victim. All organisations have something of value that is worth something to others, every organisation connected to the Internet should assume they will be a victim.” – The National Cyber Security Centre (NCSC)
Attacks on SMEs may not hit the headlines, but that doesn’t mean they are not happening. The frequency of data breaches may shock you. According to Insurance company, Hiscox’s Cyber Readiness Report, there are approximately 65,000 attempts to hack UK SMEs every day. The majority are blocked, however, around 4,500 are successful. It adds up to security compromises in 1.6million businesses a year.
The Hiscox report also reveals an increase in ransomware, with a sixth of businesses facing financial demands from attackers to restore files.
What are the Costs to Business when IT Systems are Compromised?
The latest Government statistics on cyber security reveal that 39% of UK businesses and 26% of UK charities have reported a data breach in the last 12 months. The average cost of these cyber security breaches is £8,460. Once access has been gained, a significant percentage of organisations are repeatedly targeted, leading to crippling costs.
There are also legal regulations that need to be adhered to. In some cases, insufficient data protection can result in a fine.
Beyond direct financial costs, we have to factor in reduced productivity, business disruption and damaged reputation. Customers and employees trust that their confidential data is safe in your hands. It takes work to restore trust, retain customers and attract prospects following a data breach.
The Effect of Remote Working on IT Security
Through the pandemic, IT made it possible for millions of us to work from home. This created a dramatic shift in workplace flexibility. Employees proved they could operate and communicate effectively and remote working is now widely accepted.
Remote working opportunities do attract talent from far and wide, support work-life balance and cut costs. Unfortunately, they also increase security risks. Remote teams make it a greater challenge to:
- Monitor devices and user activity
- Keep staff up to speed with operating practices, security awareness and current business policies
- Ensure malware protection, firewalls and software updates are actioned
Has remote working been taken into account in your IT policies, training and monitoring?
The Value of Understanding the Strengths and Vulnerabilities in your IT Infrastructure
How well is your SME protected from cyber-attack? The majority of business owners have no idea whether their IT security is solid and that’s a risky strategy.
A security assessment offers a cost-effective means of gathering insight into your organisation’s security. It highlights where defences are strong, as well as potential vulnerabilities. This information can be used to make informed decisions about future security measures.
Flex IT has designed an IT security assessment framework based on the National Cyber Security Centre’s Small Business Guide and 10 Steps to Cyber Security. We combine pre-assessment questions and a detailed review of IT systems and infrastructure. Our findings are collated in a report. If issues are identified, we offer recommendations with ‘traffic light’ indicators. This can assist with prioritising actions.
Do SMEs Need Cyber Security?
Returning to our original question, yes, we strongly advise all SMEs to make cyber security a priority. The frequency and cost of data breaches are too high for this issue to be ignored and remote working has elevated the risks. An IT security assessment will provide you with a clear picture of your current setup, enabling you to make informed decisions on where security should be strengthened.