Well it seems that they may actually be doing the opposite according to new research by the governments Cyber Streetwise campaign.
Despite the fact that last year 33 per cent of small businesses suffered a cyber attack from someone outside their business, it seems that SMEs across the UK have been lulled into a false sense of security by big high profile hacks. More than one in ten (13 per cent) said that hackers targeting global corporations prove that small businesses arent a target. And almost a fifth feel that if big businesses are hit by cyber crime then small businesses dont stand a chance in the fight against cyber criminals (16 per cent).
This may explain why many of those surveyed did not consider cyber security a top business priority, or thought there was nothing more they could do to secure themselves. Only one in five (21 per cent) said they have done everything they can to make their business secure online and the same number said they had more important things to focus on than cyber security.
With all the tasks that small business owners are tasked with juggling, it’s understandable that an IT issue takes a backseat when it comes to their top priorities. Except that cyber security is more than just an IT issue; it affects every other aspect of your business, from sales and marketing to HR, to finance. And many businesses are leaving themselves vulnerable by ignoring the threat.
In January, SME leaders said that their number one business resolution for 2015 was to improve cash flow. However, less than half said they take extra steps, such as encrypting, to protect their financial data and bank details, meaning they are providing one less barrier to entry for cyber criminals.
Whether hackers are actively looking to steal money from you, or delving into your data opportunistically and seeing what they can find, easy access to your financial information can lead to severe financial losses and a devastating impact on cash flow. The governments Information Security Breaches Survey found that the average cost of the worst security breach is between 65,000 and 115,000 and can result in a business being put out of actions for up to ten days.
But a cyber attack doesnt just affect the financial state of your business. The research showed that only 39 per cent encrypted their customer data and 35 per cent HR/personnel data meaning that a cyber attack on your business could not only affect you, but also your current and potential customers, your supply chain and your staff.
Read more about the cyber security debate:
- UK organisations do not fully understand the impact of new EU cybersecurity legislation
- Target cyber hack shows how vulnerable smaller businesses are to digital attacks
- US vs UK: Let the cyber war games begin!
Small businesses hold a wealth of data but many dont realise quite how valuable this data is and how severe the consequences could be if it fell into the wrong hands. For example, a businesss intellectual property could be sold to a competitor and even email addresses can be sold to spammers for a profit.
Although this all makes the online world seem a rather terrifying place, it’s not. Keeping the cyber criminals at bay doesnt have to be complex, expensive or time consuming. Just three simple steps will help keep your business more secure always using strong passwords made up of three random words or more, keeping software up to date and deleting suspicious emails. And if you are looking to take more advanced steps to ensure and prove your business is cyber secure, there are schemes like Cyber Essentials, a new government-backed and industry-supported cyber security “standard” which helps businesses protect themselves against common online threats.
So next time you go to hover the cursor over the “cancel” button of that pop-up box asking you to update your software, or enter “12345” as your password, think about the potential consequences and take a few extra seconds to play your part in protecting your business against cyber crime. Small steps can make a big difference.
James Lyne is global head of security research at Sophos and a supporter of the Cyber Streetwise campaign.
Image: Shutterstock
