
How can SMEs protect themselves? ?
Day-to-day activities at SMEs increasingly occur online, even in industries that have traditionally been based on face-to-face interaction. As a result, businesses that have previously been unfamiliar with all things digital may now be facing considerable cyber risk.? One roundtable attendee, a FD of a mortgage firm employing 70 staff, asked what practical measures he could introduce to reduce the chance of a data breach at his firm. Camp explained that the greatest risk of a breach in all businesses, but especially those still relying on face-to-face interaction, is human error. He said: ?The key is to make staff aware of the importance of cyber safety to the business. We are all ?inbox busy? at work, and hackers play on that fact. Some of their tricks are very sophisticated.? Another FD present said her business, an IT recruitment firm, had repeatedly been targeted by hackers posing as HMRC. She explained: ?My ex-boss forwarded me an email last week containing a header which looked like it was from the Treasury, saying he was owed ?4,500 in tax. The email included a link to a page where you could ?find out more?. I told him: ?I hope you didn?t open it!?? Penetration (or ?pen?) testing ? the practice of testing computer systems or networks to find weak points that hackers could exploit ? was one method of mitigating cyber risk the FDs discussed during the roundtable. One attendee, who worked for a charity and had carried out pen testing on his system, said that he thought it a worthwhile exercise, despite the high costs involved. He added: ?Hiring an expert to get through your system?s layers of security is probably the only way of finding out just how vulnerable it actually is.? Camp went on to say: ?Once you?ve done pen testing on your system and you know where your weaknesses are, you can start to build on them, from the centre-out or the centre-in. But, it doesn?t stop someone accidentally leaving a work laptop on a train, or an employee unwillingly making a payment to a bogus client. ?The human fire wall is the one that?s always the most vulnerable. You might have the best tech security going, but the human fire wall is the one where you could always get caught out.? Protecting your firm against cyber risks is increasingly about striking a balance between educating staff, so as to reduce human error, and investing in system security features hackers will find increasingly difficult to bypass. It?s no longer something that can be put off, either. With hackers becoming smarter, swifter and more sophisticated, it?s only a matter of time before a business which refuses to act will fall victim to an attack. If the worst happens, and your firm is targeted, cyber insurance can often step in to offer a ready-made response. ?If your business is breached, you won?t have to worry,? said Camp. ?With cyber cover, specialist teams will run you through that breach, telling you what steps to take and how to access legal advice. They?ll point you in the direction of IT professionals too.?Share this story