Cyber attacks are a very real threat to businesses today. While large-scale operations may have protocols in place to deal with such issues, many SMEs are at risk believing they are too small to face cyber attacks. However, one in five small businesses stated that it had taken more than a day of lost revenue to recover from a cyber attack.
The NHS global cyber attack of May 2017 highlighted the need to prioritise online security more than ever before - particularly with government statistics estimating over half of all UK companies have faced some form of cyber attack. Business Rescue Expert, leading insolvency practitioners in the UK, have experience in aiding those companies facing financial issues due to cyber attacks, and here share advice on how to safeguard your business.
Lack of cyber security knowledge
One of the primary issues for SMEs facing cyber threats is a lack of technological knowledge / understanding. It should not only fall to the company directors and IT department (where appropriate) but in fact all employees should be trained on basic cyber security awareness. Updating passwords regularly and being aware of or identifying phishing attacks, for example, is a key recommendation. Phishing emails targeted to employees that don't have a basic understanding of cyber security hit the company at its weakest point, often resulting in passwords and other sensitive information being targeted and accessed quite easily.
You may find it a worthwhile investment in further specific staff training to handle cyber attacks, with specialist courses readily available up and down the country. Even a reasonably basic understanding of current cyber security issues and preventative measures could help mitigate the consequences of a cyber attack, and associated damages.
Many companies ignore the threat of internal cyber attacks, but in fact reports suggest a large number of cyber threats can be attributed internally. A disgruntled employee with admin access to the network can make the company very vulnerable. It is therefore a good idea to always keep a record of those accounts with access to sensitive information. There are tools to monitor accounts and day-to-day activity if required. Similarly, those accounts with privileged access must be terminated immediately when the employee no longer works for the company.
If computers and services are not updated regularly, you face severe threats from malware. The NHS cyber attack was the result of an outdated version of Windows XP, which was exploited and, subsequently, shut down the entire system. Employees should be instructed to update systems regularly and taught how to identify malware. It's paramount to also invest in trusted anti-malware software and ensuring it is up-to-date, as well operating systems, firewalls and firmware.
Distributed Denial of Service (DDoS) attacks are, typically, associated with large corporations and have been known to attack the likes of Reddit and Twitter. Unfortunately, there is not much you can do to protect from DDoS attacks as a small business, and the effects can last between 6-24 hours and cost around £30,000 per hour. SMEs are more at risk than ever before, as smaller firms believe they are not at risk from such an attack. However, it's common knowledge that small-scale operations are less likely to have the necessary provisions in place to prevent attacks, and often handle sensitive data, thus they are being targeted more frequently. Although there is little to be done when a DDoS attack occurs, you can reduce the risk with up-to-date anti-malware software, email filtering, regularly updating systems and training employees to identify the risk. You can also measure your bandwidth and monitor any spikes, which could potentially indicate a DDoS attack.
Consequences of a cyber attack for an SME
A successful cyber attack can often cause irreversible damage to your business without proper provisions in place. Financial loss is the most significant threat, arising in many forms such as theft of sensitive, financial information, theft of money, loss of supplier due to breach or loss of revenue. A cyber attack can also prove costly in reinstating your business, including updating software and networks.
The reputational damage to your business could be significant, if you do not make cyber security a priority. All companies rely on an element of trust with their consumers and any breach to their personal data could see them shopping elsewhere.
How to protect your business from cyber attacks
Security breaches can devastate an SME - especially with the legal requirements of safeguarding consumer data and the potential fines. However, there are provisions you can put in place to minimise the risk.
A backup procedure is essential to ensure your company can recover from a cyber attack. If your files are encrypted, it makes it much easier to restore and can enable you to get back up and running in a much quicker time.
Regularly updating computers and ensuring they are running on the latest installation process is also key. It's essential you communicate the importance of this to employees who may ignore update notifications, putting your business at increased risk.
Employee training is crucial to protecting your business. Accidental clicks on harmful emails are one of the primary entry points for hackers, and your staff must be aware of how to deal with phishing emails.
A well-executed cyber protection policy will ensure your company can enjoy a long and successful future - particularly in the digital age.