Do you know where you are on the cyber security scale? In honour of EU Cyber Awareness Month, Sam Nixon, Product Owner at Hacksy*, talks about how you only really need to know a few basics to take yourself from cyber denier to cyber savvy. Or to put it in commercial terms, cyber security is more about changing mindset and behaviour than spending thousands of pounds on tools and technology. Let us have it, Sam…
Let’s start with huge potential impacts of a cyber-attack on SMEs…
First off, the common myth is that only big businesses get hacked. While they’re often the only ones we hear about – because they make the best headlines – a recent report showed 46% of UK businesses suffered a cyber-attack or breach of computer systems in 2016 [1]. To be honest, the figure is probably higher; we often work with businesses that aren’t even aware they’ve been breached.
The impact is potentially huge. For a small business, getting hit with an unexpected fine can bring it to its knees. The average cost of an attack, according to RSA, is between £65,000 and £115,000 [2]. And if a business can survive that kind of fine, will they also survive the probable loss of customer trust?
For big businesses, it can definitely be very serious, of course, but many have the means to recover, even if it takes time and the share price suffers.
Fundamentally, the attitude to cyber security is the same across all businesses, big and small. It doesn’t come down to how big your IT team is, or how much you spend on cyber security, it comes down to people understanding what they can do, individually, to protect themselves and the company. It’s about shifting behaviours and altering attitudes.
Attitude to cyber security is a business’ biggest weakness
It doesn’t matter how many times you tell people not to click on phishing links, everybody still does. It’s because often we don’t know or understand what to look out for and the potential impact of clicking. And phishing emails can be very convincing.
Last year, one CEO won a tennis competition and the company wrote a news story about it. He then received an email congratulating him and urging him to sign up to next year’s tournament by clicking a link. It wasn’t from the tournament organisers - it was a phishing email! He clicked it and in doing so leaked a load of information to hackers.
In another case, a CEO clicked a link he thought was from his finance department and leaked a load of payroll data to hackers, which they published for fun!
“Cyber security, good or bad, almost always comes down to password strength, phishing behaviours and people’s general attitude to data protection.” – Sam Nixon, Product Lead, Hacksy
You can probably assign the vast majority of hacks to weak passwords, a lack of awareness of phishing and people’s attitude to data protection – often that the responsibility doesn’t lie with them. So start with fixing those problems and you may find yourself with a secure business more easily than you think.
But there’s a bright side for small businesses…
Small businesses are unlikely to be targeted by a highly organised criminal gang from overseas. So while the threat of cyber-attack is real, the threat will often come in the form of a phishing attack or password breach.
These types of attack can be stopped if you know the basics of how to protect yourself.
It’s honestly not about spending thousands of pounds on software, penetration testing and audits. It’s about educating your users and using simple, cheap tools to change mindset, culture and behaviour. This is a lot easier for a small business to do than a huge organisation with thousands of employees worldwide.
But we recognise that the knowledge gap is probably bigger and therefore initially harder to overcome for a small business. That’s why we made Hacksy and why there are some simple first steps you can take.
*Hacksy is an online cyber security assistant. It takes complex cyber and information security topics and makes them accessible through a conversational interface. It’s all about empowering every single person within an organisation to take control and ownership of their own and the company’s cyber security.
1 http://www.telegraph.co.uk/technology/2017/04/19/cyber-attacks-hit-half-uk-businesses-2016/ (Apr 2017)
2 http://smallbusiness.co.uk/uk-smes-growing-cyber-threat-2536035/ (Jan 2017)