Cyber security preparedness is more than a nice to have, an SME’s survival can depend on it. In this guest post, Guy Lloyd of CySure explains why
SMEs rarely trigger headlines for breaches in data security and compliance, not because they aren’t a target but because the financial impact is small compared to the big corporations.
However, breaches are all too common and while the cost of cyber breaches to SMEs, including the impact to business operations, remediation work and resultant fines, may not run into millions, it can do untold damage. SMEs are agile and lean in their business operations, and so unbudgeted costs can severely impact finances.
Such is the concern about the UK economy’s resilience to cyber attacks that the Government recently commissioned a study on the cost of breaches which found that organisations are being hampered from managing and mitigating risks by a lack of transparency, awareness and understanding of the costs.
Businesses tend to overlook indirect and long-term costs when assessing the impact, leaving them woefully unprepared for something which in extreme cases, can spell an end to the business.
SMEs in particular are most likely to underestimate the costly impact from non-compliance with cyber security breach-related laws and regulations, therefore leaving them unprepared for any potential fines.
Bumper year for cyber crime
The pandemic has provided cyber criminals with a fertile ground to execute scams and reap the riches. Attacks designed to steal company and customer information have rocketed.
Interpol reported that in a four-month period 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs, all Covid-related, were detected.
With many of us working/schooling from home, our concentration levels have been tested to the max. When under pressure and distracted it is easy to click on a phishing email or unknowingly visit a scam website. The rush to remote working has created opportunities for hackers and any company with lax security measures makes easy pickings.
Work smarter, not harder
In today’s GDPR world no company can afford to be naïve or negligent about regulatory compliance. Cyber Essentials is the UK Government-backed scheme that aims to help organisations protect themselves against common cyber threats. It offers organisations a way to demonstrate to customers and suppliers a commitment towards cyber security and data protection by achieving accreditation and registered certification standard.
Getting started can seem daunting but it doesn’t have to be. Using an online compliance risk management system that incorporates GDPR and Cyber Essentials Plus is a simple and cost-effective way to achieve certification. SMEs should look for a solution that can guide them through a gap analysis to highlight the business areas to focus on.
Cyber security doesn’t need to be complex, costly or confusing. A low cost, simple set of actions as defined in Cyber Essentials can go a long way to protect against common attacks.
Preparedness in uncertain times
Business confidence comes from understanding the risks and the knowledge that, should the worse happen, it is possible to keep calm and carry on. Being certified with a creditable scheme delivers the assurance that SMEs can demonstrate their commitment and attention to bolstering cyber defences.
Uncertain times can hit when we least expect but the benefit of certification through with help from an information security management system (ISMS) is knowing your business is prepared. Now more than ever we should be celebrating business resilience and preparedness.
Guy Lloyd is Director of CySure