Launching and running a SME requires guts and plenty of optimism, but you can also have too much of a good thing. The optimism bias helps keep us upbeat and positive – and a hard-working SME entrepreneur sane – but it can also foster a dangerous complacency that can come back to bite, especially when it comes to cyber security.
It’s easy to think ‘it won’t happen to me’ as the news of cyber attacks and breaches gains momentum, but statistically it will. Research by insurance company Zurich found 875,000 UK SMEs were hit with a cyber attack in 12 months, and yet around half of companies still planned to spend less than £1,000 on cyber security in the coming year. Poor preparation and a lack of investments can translate into crippling damage to a small business: in 2016, cyber attacks and breaches cost UK businesses an average of £1,570 per attack. This figure will only have increased as attacks become more prevalent and ferocious.
The statistics are especially scary when we consider what a crucial part of the workforce and business landscape SMEs are in this country. Small and medium sized businesses make up 99.9% of all organisations in the UK and employ 16.1 million people. Leaving such a massive segment of the professional workforce in jeopardy seems counterintuitive – now is the time to act.
This is the message behind Responsible Business Week 2018, an initiative from Business in the Community that features a ‘Would you be ready?’ online tool to help SMEs gauge their level of preparedness. Recognition of the risk – and their own vulnerability – is the first step. SMEs can then start making the changes and implementing the plans that could keep their business safe and able to recover successfully when a cyber attack comes.
The UK Government offer some great resources for SMEs keen to make a change, while Nominet has also created a guide to help businesses stay safe online via our sister site The UK Domain. It needn’t be a daunting or scary process, and those without a technical background can easily implement changes to boost the robustness of the business. Some starting points we can offer, based on our experience of cyber security keeping the .UK namespace safe and secure, are as follows:
- Recognise risk: Keep informed of the current, popular cyber attacks and the methods employed so you understand the risk. Also, carefully consider which assets might be threatened and what would be most damaging to lose. Understanding what matters most to your business will help focus your plans and efforts.
- Train your staff: make sure that all staff are trained in security protocols are kept informed of the latest policies, as well as the reason for doing things. Sharing plans and strategies allows everyone to feel invested in the cyber security efforts, plus if everyone is aware of what to look out for, anything suspicious can be identified and reacted to more quickly.
- Close the gaps: consider the business operations and identify where vulnerable points can be bolstered. For example, encourage strong password practice and ensure all security settings and software are up to date on company computers. If personal equipment is being used for work, make sure passwords are set and files are encrypted if needed – and remind everyone that using public Wi-Fi means that others are able to intercept.
- Worst case scenario: if a business plans for the worst, it can be ready to face whatever comes. Create business continuity plans that allow recovery after an attack and decide in advance the steps to be taken in the event of a breach. Back up key data so there is something to fall back on if things are lost.
- Review, tweak, repeat: cyber security is a continuous process and needs to be reviewed, amended and reinforced regularly. Don’t let complacency sink back in after the first effort! Hold regular meetings to review plans, to discuss current threats and keep everyone in the business up-to-date on what to watch out for and how best to react.
These are just a few of the many ways a SME – and all businesses – can bolster defences and ensure they are in a better position to cope with, respond, and hopefully recover from a cyber attack. It’s time to recognise the risk and ensure the optimism bias doesn’t leave our country’s crucial businesses, the SMEs, vulnerable in the digital age.
Eleanor Bradley was a speaker on the panel at BITC’s annual Resilience Day, Tuesday 24