According to the government department for Business, Innovation & Skills (BIS) small to medium enterprises are becoming increasingly susceptible to cyber attacks, putting their confidential information at risk.
In its 2013 Information Security Breaches Survey, the BIS reported that a startling 87% of all SMEs have been hit by a security breach of some description in the past year. Needlessly, this is costing those businesses affected up to 6 per cent of their annual turnover – a figure far higher than what it would cost to invest in preventative measures.
With most SMEs using the internet to do business, make purchases, sell their services and market themselves, all are vulnerable to attacks. So if you haven’t already you must instill basic security practices.
What’s at stake?
Failing to take sufficient precautions could pose a threat to your website, your in-house IT systems, your bank accounts, and sensitive company information.
This could have a disastrous impact on your finances in many ways – either through cyber criminals gaining access to your accounts and making purchases through it, through a financial loss due to a disruption to trading, or through the costs involved in remedying the damage of an attack. You could also incur fines should any personal data you have on record be compromised or lost.
Putting a security plan in place
Firstly, you need to run a risk assessment. Consider what sensitive information you have that is critical to your business and what threats it could be exposed to. What legal stipulations and compliance regulations must you adhere to? It may be worth investigating whether any businesses in your sector have been subjected to any attacks so that you can learn from their experiences.
Look at investing in security controls that can be implemented to increase your defences. Malware protection will minimise the threat of virus infection. Network security is paramount and can be enhanced through the use of firewalls, access lists and proxies.
Manage user privileges to restrict access to IT equipment, systems and information only to those for whom it is vital. Ensure that data is encrypted for mobile workers and those using their own devices. Liaising with us to put a disaster recovery solution in place will ensure you remain productive should the worst happen.
The message form the BIS is clear. Making that investment now may require time and money, but it will save you a fortune in the long run.