Cyber attacks on SMEs: Be prepared for the worst

According to the Small Business Reputation and the Cyber Risk report, published by the government's Cyber Streetwise campaign and KPMG, 89% of SMEs that have suffered a data breach say it has had an impact on their reputation. The survey of 1,000 small businesses and 1,000 consumers carried out in the UK revealed that 23% cited cyber security as one of their top concerns.

Of those companies suffering a breach, 31% said the attack caused damage to their brand while 30% said it caused a loss of clients. Over a quarter (26%) found the breach also resulted in customer delays, with 93% saying the attack had stymied the business’s ability to function.

Protection – on a budget

With reputation on the line for SMES, what technology is there to help protect them from fraud and other cyber attacks?

While most have the same data confidentiality and compliance issues as larger organisations, they often don’t have the same security budgets and trained personnel to manage and reduce risks.

Andy Taylor, lead assessor at global certification and accreditation organisation APMG, says that proprietary technology is not the answer. If an SME is using a reputable service from Microsoft, Google, Apple or other tech giants, the chances are much of what they need is already being done.

“What is more important in this situation is that the services and technology they use are properly configured, maintained and used as intended,” he says. “Due diligence on any cloud provider, for example, should ensure the SME is using services from providers who care as much about the security of clients’ data as the client does.”

He adds that the technology SMEs might really want to invest in is a decent hardware firewall, in addition to any software firewall they might have in their router. “They can start from as little as £250 but could cost significantly more than that.”

Be prepared for the worst

Identity fraud now accounts for 46% of all fraud attempts in the UK, according to Experian Hunter data, and organisations are having to invest in ever more complex identity verification and fraud detection technology in order to protect themselves and their customers.

Jim Steven, head of data-breach response at Experian, says it feels as though cyber criminals are setting the pace. The harsh reality is that UK organisations are already behind the curve when it comes to understanding data breaches. According to figures released by the company, the UK government estimates that a data breach costs SMEs an average of £310,000; yet the SMEs surveyed estimated the cost to be £179,990, a shortfall of over £130,000.

“Being prepared for the worst means ensuring your organisation has the pre-emptive measures in place to mitigate the risk of a data breach occurring, a clear plan of action in the event that a breach occurs and a consistent focus on educating consumers on what they can do to protect themselves,” he says.

He adds that a badly managed data breach carries with it the potential to damage to your organisation’s reputation. “Taking a proactive approach to protecting your customers’ data can build trust and will ensure that you’re safeguarding your organisation’s two most important assets: your customers and your reputation.”

Can we talk?

Tim Ryan, executive chairman at UNA, says that cyber security is a complex topic that that many SMEs are reluctant to talk about. This is especially true if a business has a widespread data breach. “There are tools out there to protect businesses from such attacks, such as Cyber AMI (Cyber risk Awareness, Management, and Intelligence), which provides users with cyber risk education, awareness and risk management support up to the UK Government Cyber Essentials standard,” he says.

“Companies should now be assessing their vulnerability to cyber attacks and taking advantage of risk management and insurance solutions to mitigate the potential for these events to harm their business. Clearly, no one is any longer safe.”

Getting in deep

Businesses can’t take a superficial approach to cyber security, as hackers won’t. Criminals will look for any way into your organisations. Andrew Avanessian, vice-president of technology at end-point security firm Avecto says that defence in depth is by far the best way to secure a system.

“By layering different types of security on top of each other, such as privilege management, application control and whitelisting, it provides the best chance of creating a robust environment,” he says.

“Adopting proactive security solutions like this doesn’t have to be a big job. There are ready-made solutions available that are designed to give businesses peace of mind that their system is secure while increasing user freedom and, therefore, efficiency and profitability at the same time.”

Taking a hybrid approach

Many SMEs, while embracing the cloud, haven’t gone all in, so perhaps taking a hybrid approach would be a more suitable approach for these businesses. This allows the enterprise to benefit from cloud technology, but also reduces some risks to the business. A hybrid deployment combines elements of enterprise computing, including public, private and hosted options. It offers more security and networking options, such as the ability to use a Virtual Private Network (VPN). Encryption and data confidentiality can then be more easily implemented and controlled.

While technology provides some protection, it won’t ever be 100% secure in all cases. Full security requires that employees be aware of risks as well as suppliers. A framework that encompasses technology, best practices and knowledge will help in strengthening your SME’s cyber-security measures.

Click hereto make better informed business decisions with the latest news, insight and analysis straight from our experts at ContentLive.