Are you worried that cybercriminals may be targeting your business? If your answer is ‘no’, your confidence flies in the face of all the evidence. Tens of thousands of UK firms, of all sizes, have already fallen victim to cybercrime and many have lost tens or even hundreds of thousands of pounds. If your answer is ‘yes’, you’re taking a more realistic view. Criminals are increasingly turning to online crime because it extends their reach and makes them harder to track. They target businesses because many firms have gaps in their cybersecurity that are easy to exploit. We know of businesses in the South West of England that have lost hundreds of thousands of pounds to cybercriminals. Their stories don’t make the headlines and they’re not big brands, but that doesn’t lessen the pain felt by the business owners and their teams.
Top tips for boosting your firm’s cybersecurity

According to research by the BBC, cybersecurity is the number one concern for big companies in 2016. It should be an even bigger concern for smaller firms, which have less in-house expertise for tackling digital threats.
1. Make someone responsible for cybersecurity

Your entire business should be made aware that cybersecurity is everyone’s responsibility. Most cybercrime starts by fooling someone into giving away access to internal systems, meaning anyone could be targeted. That said, someone in your business should take overall responsibility for managing cybersecurity. They will understand the main forms of threat and the best types of defence. It’s their job to communicate with the rest of the business, keeping people informed and alert. New government research shows that three out of four small businesses (fewer than 250 employees) suffered a cybersecurity breach in 2014-2015. This rate of attack highlights the scale of the threat and the importance of this responsibility.
2. Conduct a cybersecurity health check

An audit of your cybersecurity measures should definitely be on your firm’s to-do list for 2016. As with a financial audit, this is best carried out by someone independent of your organisation, who can bring a fresh perspective and isn’t afraid to ask challenging questions. Last year, one region of the UK took the cybercrime threat so seriously that it set up a business unit of ethical hackers with the specific objective of helping smaller businesses. Ethical hackers are invited into firms to expose weak points in their security systems by carrying out activities similar to those of cybercriminals. You might not want to go so far as to hire an ethical hacker, but a thorough health check is recommended. A health check includes:
- Making an inventory of all your digital assets.
- Carrying out a risk assessment.
- Reviewing procedures for handling a cybersecurity breach.