The government’s Digital Economy Minister Ed Vaizey has urged British businesses to prioritise cyber security, increasing investment in protective measures for their own good. Announcing the findings of the PWC Information Security Breaches Survey 2015, Vaizey warned that 74% of small businesses had reported a security breach in the past year – up 60% on 2014.
Perhaps more pressing for SME directors, is the actual cost of these breaches. When asked about the financial impact of the most severe attack, estimates ranged from £75,000 up to £310,800. It is worth noting that this cost could be significantly higher for those businesses who experienced more than one breach during the past year.
Improving security immediately
Because cyber-criminals won't wait for your business to improve security, you need to act now or risk becoming a victim. Unfortunately an effective security system tends to be quite complicated, requiring extensive planning and investment. There is also the question of ongoing management and maintenance of the system – an unavoidable, and extremely necessary cost.
Which is where Cloud-based systems like Google Apps and Microsoft Office 365 may be able to help. Cloud services are operated from enterprise-class data centers, which are in turn protected by enterprise-class security provisions. Even more importantly, security is managed by a dedicated team of professionals, plugging gaps and keeping the hackers away from your data. And that security is included as part of the standard subscription price.
Not just a technical problem
The Information Security Breaches Survey 2015 also reveals that security breaches caused by employees are on the rise. Nearly a third (31%) of SMEs experienced a problem as a result of an employee’s actions over the last year.
The report doesn't go into exactly what the cause of the problems were, but common scenarios would include weak passwords, unauthorised software installations or deliberately malicious activity. As with so many business processes, humans continue to be a weak link – generally through ignorance. Most worryingly, half of all of the worst breaches were caused by “inadvertent human error”.
Fortunately very few workers deliberately set out to cause security problems for their employers, but if they do not know how to use IT safely, they become an accident waiting to happen. To counter these problems, employees will need to be trained to recognise the risks of IT misuse and the importance of adhering to IT best practices. As Bring Your Own Device (BYOD) becomes the norm, and employees use their personal smartphones and tablets to work on corporate projects, this training needs to take place as soon as possible.
But of course, training takes time - first to learn the new skills, then for them to become second nature. In the meantime, your business can take advantage of Enhanced Internet Security by Kimbley IT to automatically block many of the common exploits used by cybercriminals to trick employees into divulging sensitive passwords, or unintentionally introducing flaws into network security through spyware or similar. Best of all, the Enhanced Internet Security by Kimbley IT service can be enacted within a matter of hours, boosting security while your staff learn the skills they need to use your resources and data safely.
Things are going to get worse before they get better
59% of survey respondents also expect that these security incidents will increase again over the next year, implying that owners are aware of the dangers they face. However that understanding now needs to be translated into immediate action to avoid joining the unfortunate majority.
The suggestions outlined above will help your SME get started with improving security. But for the best results, and to ensure that all of your systems and data are properly secured, you'd best get in contact with us.