Current Filter: Network>>>>>Opinion>

   

We frequently see retailers and banks relentlessly targeted by cyber criminals. Many SMEs form the view that such targeted attacks are exclusively aimed at large enterprises, but cyber criminals are indiscriminate and only focus on making money. As long as there are identities and credentials to be had then anyone is fair game.

SMEs face exactly the same challenges as larger businesses, but respond with fewer resources. SMEs operate as part of a wider and more global supply chain than ever before, and it's common for tier-one organisations to use security assessment questionnaires to understand how their supply chain partners protect both their own data and that of their customers. According to research published by the Home Office in December 2013, more than three quarters of big business procurement managers require smaller suppliers to prove their cyber security credentials before selection.

A fledging business suffering a loss of customer data can lose the contract - and unrelated customers - as reputational doubt and brand damage proliferate. The Home Office research has also found that 92 per cent of consumers and 95 per cent of business buyers claim that they would avoid a small firm that had failed to protect itself from cyber crime. Beyond that, a data breach can lead to a loss of a competitive advantage if intellectual property is lost, which then finds its way into a competitor's hands. However, the ability to manage the risks through good housekeeping should be simpler given the nature of the SMEs less complex IT infrastructure, and fewer staff.

Beyond the obvious direct targeting of SME businesses, cyber criminals use two other indirect threats. The first involves the use of the web and the second is based on email threats. Many SME enterprises are at risk when employees visit a compromised website or open malicious email attachments from a work device, which then uses weaknesses in security settings or missing patches to load malware onto the victim's systems. The malware then compromises the computer or the browser, and from here the infected system can be used to attack more computers within the company or steal information, steadily sending the compromised data to the criminals.

Achieving security assurance for the SME starts from within, and it can be achieved in a few simple steps. The starting point in mitigating cyber risk is to educate employees on good practice and on the value of the information that they hold and process in their role. This process starts by reviewing what important information a business holds and how it is protected. Once employees understand what the important information is within the business and the consequences of its loss or theft, they begin to understand its true value and the impact on the success or otherwise of their employer - and vitally, how they can play their part through good practice.

The government is also keen to support SMEs in mitigating cyber risk, by offering funding for organisations to address the challenge through the Cyber Innovation Voucher scheme, where organisations can get £5,000 towards security related assessments or testing.

Teaching employees the basics can go a long way. This is easy to say, of course, but thankfully with a few helpful tips it is relatively easy to achieve too:

• Don't click on emails that are obviously phishing attacks
• Make certain that your software has the atest patches applied
• Use different passwords on corporate accounts to those used for personal ones
• Change passwords regularly
• Install and use up to date anti-virus software

These same principles can be applied at home. They will help to protect credit cards, data and IT equipment. While the prospect of achieving cyber security assurance can seem daunting and expensive, it is no longer a luxury for businesses large or small.