A third of small firms have suffered a cyber attack – don’t let it be your company

Silhouette of male hand typing on laptop keyboard at night

The Government’s Cyber Aware campaign is encouraging small businesses across the UK to take action to help improve their online security and protect against cyber attacks

Around two thirds of small businesses now operate online and the digital revolution has helped them to expand and reach new markets.

But with greater use of technology comes increased vulnerability to digital threats: a quarter of businesses have suffered a cyber attack or breach in the past year and the proportion for small firms falling victim rises to one in three (Cyber Security Breaches Survey 2016, Department for Culture, Media & Sport).

The range of attacks is growing, from hacking and malicious spreading of viruses to using “ransomware” – where hackers disable your computer and encrypt all its files, demanding online payment to fix the problem.

Apart from the financial cost of a breach, a company’s prized reputation almost inevitably suffers. Valuable data can be lost and firms face the prospect of prosecution under the Data Protection Act, if they have failed to take appropriate steps to look after customer information.

This makes the latest Government statistics from Ipsos MORI all the more surprising – that only one in three Britons (35 per cent) is following the Government’s latest advice to use strong passwords made up of three random words. It is, according to the National Cyber Security Centre, a part of GCHQ, one of the most important actions you can take to protect yourself and your business from cybercrime.

The Government is investing £1.9 billion to significantly transform the UK’s cyber security and make the UK the safest place to live and do business online. The new National Cyber Security Centre, which began its first day of operations on Monday 3 October, will actively protect the UK from a range of cyber threats and will coordinate responses to cyber security incidents, as well as offering a range of guidance and support to industry.

However, we can all make a difference and protect ourselves from cybercrime. Security Minister, Ben Wallace, said: “Tackling cybercrime not only requires a concerted response from law enforcement and Government, but also vigilance from members of the public. While the Government will invest £1.9 billion in cyber security over the next five years, we can all make a difference and protect ourselves from cybercrime by taking some very simple steps, such as using three random words to create a strong password.”

Businesses are being urged to recognise that cybersecurity is “business critical” and that they must take steps to protect their business. After all, it’s become a big issue among consumers with 58 per cent saying they would be deterred from using a business hit by a cyber attack and that figure rises to 89 per cent for procurement managers, according to research by Cyber Aware and KPMG.

The good news is that protecting your business from hackers and viruses does not have to take a lot of time, work or money. Cyber Aware is encouraging small businesses across the UK to do two simple things which can help improve their online security:

• Use three random words to create a strong password. Hackers can use your email to take control of many of your personal and business accounts. Your most important accounts are your email, social media and online banking; you should also use separate passwords for your business and home accounts.

• Always download the latest software updates. They contain vital security upgrades which help protect your devices from viruses and hackers. And if you don’t think you have anything worth stealing, think again. Cyber criminals can profit from anything from your email contacts to your databases.

Cyber Essentials should also be on your ‘must do list’. It’s a Government-backed and industry-supported ‘standard’, which protects your business against the most common online threats. It sets out five controls which will significantly reduce your company’s vulnerability to cybercrime, and is suitable for organisations of all sizes and all sectors. Not only will your business be more secure as a result, you will be able to display a badge demonstrating you adhere to a government endorsed standard, giving you a distinct edge over competitors. Cyber Essentials certification is already mandatory for many Government contracts and many large firms are now looking to require the same of their suppliers.

Other Government-approved guidance includes:

• Cyber Security: advice for small businesses – a short, simple guide which shows you how to get basic security measures in place to protect your business.

• Cyber security training for business– free online cyber security training for staff, managers and business owners.

• The Information Commissioners’ Office data protection guidance for small business – simple, practical advice on how to keep your customers, suppliers and employees’ personal information secure.

To read this guidance and find out more, visit www.cyberaware.gov.uk/protect-your-business