Last week the head of cybersecurity for the US Airforce resigned, explaining to the press that the USA looks like a kindergarten compared to China when it comes to its readiness for internet warfare.
It may be a cutting term but it’s one that really sums up a cybersecurity landscape that goes beyond the US Airforce and even America itself.
There are industries and sectors around the world where cybersecurity measures aren’t always up to scratch.
One of these sectors is the arena of small to medium businesses.
So, in the next in our series of blogs marking Cyber Security Month, we look at the stats that suggest many small to medium businesses have Achilles’ heels when it comes to cyber security.
Then we offer up a range of resources that can help them step up their cyber protection efforts.
The state of cyber security in small to medium businesses
According to the UK Government, only 13% of small businesses train their staff on cyber security and only 19% have tested staff using mock phishing exercises.
The same research suggests that fewer small businesses have up to date malware protection than in 2020 – the figures are down from 87% in 2020 to 83% in 2021.
On top of this, only 77% of small businesses have firewalls, only 33% use a VPN for remote working, and 47% allow staff to use personal devices for work purposes.
Cyber criminals continue to target small businesses, too. The Government reports that 38% of small businesses identified security breaches or attacks in 2021.
The same data revealed that the average cost of a cyber attack on a small business is £8,170 – with this cost taking lost data and assets into consideration.
6 signs your small business has a kindergarten approach to cybersecurity
- You backup your data less than once a week
Successful cyber attacks can affect everything from customer contact details to critical financial information.
Ideally, you should backup your data every 24 hours – whether that’s by backing everything up onto a separate server, hard drive or the cloud.
- You put off software updates
Software updates are inconvenient, but essential. However, more than 90% are there to patch security vulnerabilities in programs.
Ensure your staff know this figure and the importance of updates.
- You have no plan for lost devices
Surveys suggest that 2.3% of laptops assigned to employees get lost every year.
A lost laptop can easily fall into the wrong hands, so ensure your devices can be tracked, remotely locked or remotely wiped if necessary.
- You don’t use two-factor authentication
You might think setting up two factor authentication is beyond the budget of your company, but prices can start from as little as £2, per employee, per month.
- You take a reactive rather than proactive approach to cyber security
It’s harder to fix a cyber attack than it is to prevent one.
If you want to elevate your business’s cyber security efforts beyond the kindergarten level, you should look do four things as soon as possible:
- Carry out a cyber security risk assessment – these will outline the assets your company has that could be at risk in a cyber attack, how these assets could be targeted (eg phishing emails sent to staff), the response required in the event of an attack and key responsibilities.
- Publish your cyber security policies and ensure all team members have read them.
- Include cyber security in your business continuity plans.
- Make time to train staff on cyber security risks and hygiene – see below for a list of helpful and free resources.
- You’ve punished staff for being phishing victims
Cyber attacks can be frightening for everyone involved. However, coming down hard on those who make mistakes can backfire.
Making an example out of an employee who has made a genuine mistake can dissuade others from admitting to their own errors in the future.
The best resources for training staff on cyber security
The good news is that there’s a wealth of training resources on cyber security out there for small businesses.
For starters, you can check out our free whitepaper How to defend your business against a hack attack.
You can also find some good introductory resources on the Small Business section of the Government’s National Cyber Security Centre Website.
Further material can be found on the official Cyber Security Month website.
If you do have the money to invest in more in-depth cybersecurity training, you can also take a look at the Cyber Essentials certification that’s backed by the Government’s National Cyber Security Centre.
The certificate gives you the tools you need to asses the cyber security landscape in your business and to ensure the appropriate defences are in place.
Need cyber security for your website?
At Heart Internet we offer Sucuri Website Security – a product that polices your website for things like malware and Google blacklisting and removes anything nefarious that it finds.
The product is currently on sale with up to 25% off annual packages for the first month.
Find out more on our product pages.