Top cyber threats for small businesses
Here is some useful information and advice to help you understand the top cyber threats for small businesses and what you can do to avoid them, so that you can secure your business appropriately.
- Cyber Security is the state of being protected against the criminal or unauthorised use of electronic data, or the measures taken to achieve this. Its purpose is to reduce risk (but not eliminate it) AND to enable your business.
- In 2015, Lloyd’s of London estimated that cyber-attacks cost businesses as much as $400 billion a year, which includes direct damage plus post-attack disruption to the normal course of business.
- Recent research has predicted that the cost of data breaches will increase to $2.1 trillion globally by 2019. Attacks are getting worse and more frequent.
- Small businesses are an easy target and 60% can be breached in minutes. Collectively they are attacked 7 million times per year, costing the UK economy about £5.26 billion.
- While 93% of small businesses try to protect their business, 66% have been a victim in the last 2 years. The median length of time between intrusion into a system and detection is 80.5 days, plus an extra 2 days for containment.
- On average it takes a small business 2.2 days to recover from a breach!
- Employees can often be your biggest threat. They may become disillusioned and leak a story to the press. After a big falling-out they may quit and release a time bomb that corrupts systems and falsifies data. They may email themselves passwords and sensitive information they needed to remember. They may accidentally download a spreadsheet with malware, or they may be recruited by a competitor to steal customer data, intellectual property etc.
- Your main risks as a small business owner include damage to your reputation or brand.
- Loss of customers, revenue, service.
- Fines from the ICO as a result of a Data Protection and GDPR breach.
So what can you do to protect yourself?
- Assess the risks to your information assets (data, IP).
- Think about what information your business holds and whether it’s adequately protected. This should include:
- Policies and procedures
- Systems, websites, apps and their configuration
- Employees – their behaviour and awareness
- Compliance – regulations and legislation
- Third parties – suppliers, partners, contractors
It is important that you make a plan and implement it.
- Determine your risk appetite.
- Understand you’re reducing risk NOT eliminating it.
- Your objective is to be RESILIENT so build an incident response plan and test it.
- Consider using SightCare’s Group Data Protection Officer. Refer to CESG and a reputable cyber security provider.
- Consider insurance and cyber protection certification.
- Refer to CESG’s Ten Steps to Cyber Security below.
And most important, increase your knowledge. Below are some useful links to supporting information.
- Cyber Resilience: How to Protect Small Firms in the Digital Economy
- Reducing the Impact
- Ten Steps to Cyber Security
- Cyber Essentials