Does your SME need a #CyberSpringClean?

The subject of cyber-security has become an ever more prevalent topic of discussion as technology continues to evolve at a dizzying pace.

It can often be overwhelming for smaller businesses, in particular, to understand the full scope of the threatening landscape of potential cyber threats.

The government is continuing to urge SMEs to protect themselves from cyber-attacks, as well as reminding them that government advice is available.

“We are encouraging all small businesses to use the new financial year to have a #CyberSpringClean and get staff involved with protecting the business against hackers.”

As it stands, only one-third of UK businesses have specifically appointed staff whose job role includes any form of internet security. Since the average cyber-attack on a small business costs nearly £900, SMEs need to identify their current weaknesses online.

The figure of £900 includes the likes of staff being prevented from carrying out work due to cyber-attacks or the loss of revenue if a business’s customers are unable to access online services.

Both the Department for Digital, Culture, Media and Sport (DCMS) and the National Cyber Security Centre (NCSC) have announced the new #CyberSpringClean initiative, with the Small Business Guide now available to all UK businesses.

Their research has revealed that for 57% of businesses, the most recent and disruptive cyber-attacks have actually been reported by the staff. This means that only 43% of reported cases have come from the software identifying it itself.

“Having an individual whose job role includes cyber security is directly linked to a faster response.”

“Identifying a ‘cyber security champion’ in your company is a great way to help avoid a damaging cyber-attack or data breach on your business,” Clare Gardiner, director of engagement at NCSC, suggested.

Despite the perceived complexities of the cyber industry, Gardiner has emphasised that “they don’t need to be a technical expert, as we offer some great free advice in the Small Business Guide.”

Nonetheless, it is a question of having the resources available to train these cyber security champions when it comes to recognising the signs of potential threats and attacks.

Gardiner added: “It is important to pick the right person – for example, someone who is good at motivating staff – and give them the tools and support to raise awareness and implement good cyber-security measures.”

Their report continued: “Having an individual whose job role includes cyber security is directly linked to a faster response.”

“Earlier this month, the Cyber Governance Health Check report found that boards at some of the UK’s biggest companies (FTSE 350) still do not fully understand the potential impact of a cyber-attack and called on them to do more.”

35% of businesses claimed that they had employed people whose role are strictly concerned with internet security or governance. Although this is a promising statistic when considering the relatively new threat of cyber-attacks, 68% of businesses have claimed that they view cyber security as a high priority. Yet not all of these businesses have the qualified staff who will be able to handle the likes of a data breach.

Initiatives such as the #CyberSpringClean ahead of the new financial year have been designed with the overarching aim to ensure the average workforce feels about to raise the alarm, as well as helping with preventative methods against cyber-attacks.

Here are the five practical steps the initiative encourages SMEs to take to help reduce the risk of becoming a victim of cyber-crime:

• Data needs to be backed up: By regularly backing up the important data, SMEs can then test how easily it can be restored, thus meaning it can be recovered in the event of a cyber-attack.
• Safeguard your devices: It is simple enough to make sure that there is some form of password protection (complex PIN or password so it is not as easily guessed) on each of the company devices: smartphones, tablets, and computers.
• Up to date: The latest software contains measures to help address the most recent threats—make sure this is constantly updated wherever necessary.
• Two-factor authentication: This prevents the use of or reliance employees may have on more predictable passwords.
• Recognising phishing: One of the simplest ways hackers and scammers conduct cyber-crime is through sending thousands of fake emails. Using advice provided by NCSC, you can learn how to recognise the signs that an email is not what it seems.

“The UK is home to millions of successful small companies, but we know that protecting against cyber-attacks is hard to do whilst juggling all the other issues involved in running a business.”

In their statement, it was revealed: “Earlier this month, the Cyber Governance Health Check report found that boards at some of the UK’s biggest companies (FTSE 350) still do not fully understand the potential impact of a cyber-attack and called on them to do more.”

Only 30% of SMEs have board members and trustees who oversee the area of cyber security in their business. Gradually, UK businesses are beginning to come around to the idea that training regimes need to be implemented. As it stands, 20% have recently had their staff attend both internal and external cyber security training. Nonetheless, that means that the clear majority are still not doing enough.

“The UK is home to millions of successful small companies, but we know that protecting against cyber-attacks is hard to do whilst juggling all the other issues involved in running a business,” said Margot James, digital minister.

She concluded: “We want to make it as easy as possible for small businesses to benefit from being online and to do so safely, which is why we are working closely with the NCSC to promote the practical steps firms can take.”