SMEs, get your cyber act together now
Three things you should do right now as an SME to prevent a cyber security attack
Research shows that 34% of UK SMEs don’t believe a cyber security breach is likely to happen to them. But British government statistics show that in 2021 39% of small businesses reported breaches or attacks to their systems. Quite the dichotomy, isn’t it?
In fact, figures from business insurer, Hiscox, show that small businesses in the UK are the target of 65,000 attempted cyber attacks every day, and while most attempts fail, a small business in the UK is successfully hacked every 19 seconds.
In today’s climate, data breaches and cyber security attacks are a matter of when, not if. So how can you best prevent, or prepare for, a potential breach as an SME, if cyber is something you haven’t considered before?
We’ve got three ways lined up to get you started.
Assess your current defences
While much of the talk centres around cyber security attacks being inevitable, there are of course steps you should take to make yourself a less easy target.
If you are a complete cyber beginner you can access free resources and information from the National Cyber Security Centre, where advice is available for small, medium and even large businesses.
The key here will be getting to know what defences you already have in place, understanding key cyber security threats to your business or sector, and how you can begin to patch any gaps using tech, software or training.
There are additional certifications you can gain such as the government backed Cyber Essentials scheme, which can help to protect your SME against a whole range of the most common cyber attacks using a simple self-assessment (or Cyber Essentials Plus, which includes a technical verification too).
Educate your people
In 2019, nine out of ten cyber security breaches were the result of human error. Equipping your people with the knowledge they need to keep themselves and your organisation safe is a must-have in your cyber security arsenal.
And while the default with cyber security training is that it’s a mandatory online course employees do once a year, we believe this alone does not bring the long-term solution your organisation needs.
The best approach when it comes to educating your people about cyber security, i.e. increasing their awareness about what’s out there, how they can look out for it, and how they can protect themselves, is keeping it consistent and personal.
The science backs this up. Did you know that on average people forget 70% of new information within 24 hours of most corporate training presentations, dropping to 90% within one week? Or that cognitive psychologist Jermone Bruner found that statistics are 22 times more likely to be remembered if they are part of a story?
We recommend a long-term behaviour change programme, jam-packed with cyber safety information, stories, and news in a mix of formats - videos, images, conversations, or talks from speakers. Find out more about our programme, CyberSafe, here.
Write a cyber security plan
Document everything you’re currently doing, and how you plan on improving the cyber security of your business to create a focus.
Draft some cyber security policies in accordance to the software or tech you have, or the cyber threats that could specifically be targeting your business. Set time aside for regularly talking about cyber awareness and security with your people. Spend some time researching the best antivirus or antimalware package for your organisation.
These are just a few ideas which will encourage consistency and upkeep of your newfound cyber security routine.
Your plan of action
All businesses, no matter their size, have a responsibility to keep their systems safe from cyber criminals. Cyber attacks aren’t just a case of financial damage - they can also cause irreparable reputational damage and hold up your day-to-day business by blocking your access to your systems.
Start protecting your business, your employees and your clients today by building the foundations for a cyber secure business with some of the tips we’ve mentioned above.
Our cyber safety communications and behaviour change programme, CyberSafe, contains everything your people need to know to keep themselves and your organisation safe from cyber security attacks.
Curious about what it could do for your organisation? Send us an email email@example.com or visit our website insideoutconsulting.co.uk.