Would it surprise you to know that this year alone over 30% of the UK’s micro and small businesses have reported a cyber attack?
We often hear small and medium sized companies say things like, “we are too small, who would want to target us?” or “we don’t have anything that confidential, I don’t think it is a real risk”.
Smaller companies are often targeted for exactly this reason. Statistically they don’t take information security as seriously as the bigger companies, and don’t invest as much in protecting their data.
But think about it, who are your clients? Any big names or big companies? Does the Head of Finance, from that global company round the corner buy her morning coffee from you? What data do you hold on your clients? Name? Email Address? Mobile number? DOB? Credit Card Number? More? Any of this data could be used to create a personalised phishing scam or a more sophisticated social engineering attack on your client(s).
Not only would this damage trust with clients, it could also leave your company vulnerable to libel claims not to mention rather large fines, for example if you are in breach of GDPR.
Leaving that to one side, is it also true that sometimes a hacker doesn’t care who you are or what data you have. Sometimes it is just a training exercise, hackers have to practise too! How would your business cope if a young hacker locked you out of your systems just for fun? Would you be able to run your business without access to your website, files, server, etc.? Don’t be an easy target for hackers to hone their skills.
SMEs make up a huge percentage of companies and are therefore a large market just waiting to be exploited by hackers. Combine that with the fact that the large companies are investing a lot to enhance and reinforce their cyber security, and it makes sense that SMEs are a much easier target.
In addition, if you are lucky enough not to experience either it the issues mentioned above, what are you going to tell a client or prospective client if they ask how you plan to keep their information safe? Will your answer instil trust? Would you be happy receiving this answer for a supplier?
It is not all bad news – small changes can make a big difference
Let’s be realistic, the risk of being a victim of a cyber crime, either personally or your business has grown exponentially in recent years. However, you don’t have to invest a fortune to start protecting yourself and your company.
Here are a few things to think about to get you started.
- Audit – a good place to start is to take stock of where you are now. What data do you hold? What policies do you have in place? What risks and gaps can be identified?
- Education – Do your staff know how to spot a phishing scam? Do they know the real risks of sloppy password management? Do they know what is private information and what is sensitive information and how to handle this type of information to ensure your company isn’t breaking any Data Protection Laws?
- Contingency Planning- Have you considered the what if? Is your data backed up? What plans do you have in place in case you are the victim of a cyber attack? Could you business stay up and running?
- Hardware & Software – Do you have anti-virus software? Is your software up-to-date? Are there any security patches that should be installed? Are there any vulnerabilities, or backdoors into your system?
If this still sounds overwhelming, please don’t worry, we can help you with all of the above. We even offer a completely free, no obligation, one hour consultation where you can ask us any questions you have, tell us about your company and what your key concerns are. We can start to make a plan and look at any quick wins that could instantly bolster your security.
Contact us to arrange a time to chat.