If you are willing to put time, effort and money into building a business that operates in a digital age where devices and the internet are used as tools to facilitate some if not all functions of your business then you must be willing to protect your business from cyber threats. With October being Cyber Security Month, you are encouraged to find out what cyber threats UK small businesses are facing, how to identify general and specific vulnerabilities and most importantly how to protect yourself and those you work with.
WHAT IS CYBER SECURITY?
Cyber Security is the protection of devices, services and networks — and the information on them — from theft or damage.
WHAT IS A CYBER ATTACK?
A cyber attack is a malicious attempt to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means.
WHAT CYBER THREATS DO I FACE AS A SMALL BUSINESS IN THE UK?
The Cyber Threat to UK Business 2017-2018 report, produced by the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA), highlights the main threats UK businesses face and some of the major cyber incidents that occurred in 2017. The report also provides advice to mitigate against the risks and threats, which is useful for all business owners and their stakeholders to take on board. With the rapid adoption of digital and the Internet of Things (IoT) cyber threats will continue to be a major concern for businesses of all sizes.
Cyber threats include:
- Phishing, SMiShing and Vishing
- Fraud Scams
- Fake News
- Data Breaches
- Supply Chain compromises and much more
WHAT ARE VULNERABILITIES?
Vulnerabilities are weaknesses, or flaws, in software, a system or process. An attacker may seek to exploit a vulnerability to gain unauthorised access to a system.
DON’T ALLOW YOUR VULNERABILITIES TO BE EXPLOITED
If you use the internet to conduct your business you are vulnerable. For all of you who are using the internet to do good and build successful businesses there are others who are using it do bad and who are working hard to find and exploit those of you who are not aware of the risks and/or those of you who are not implementing ways to protect yourself.
If you sell online, imagine waking up one day and not being able to access your website, where all your customer and sales data is being held. You can’t fulfil orders as you don’t have the details. How long can you afford for you not to have access to to your own website, 1 hour, 1 day, 1 week??? Moreover your customers’ personal data is now being collected and shared by an unknown source. You are unable to tell your customers how and why this has happened and who now has their details. None of these scenarios are acceptable and could prove disastrous to your business reputation leading to the demise of your business. Your online store is vulnerable all year round but from now to the end of the year it will be more so due to the high volume of online activity around the Christmas and End of Year Sales season, so can you afford for anything to go wrong at such a crucial period?
If you are a service provider/contractor seeking opportunities to work with larger businesses or organisations, especially national and local government, there is an increasing need to provide Security Assurance. If you do not know what this means then you are in no position to apply for such opportunities let alone be considered or gain them. If you are able to provide Security Assurance on paper without practicing it within your business it will soon become evident and you do not want to be known as that third party supplier that caused a security breach or allowed a virus into a government department.
BUILD AN EFFECTIVE STRATEGY FOR PROTECTION
Cyber Security is not just an IT issue! Whether you are a one man band or have a large team, Cyber Security is a collective effort that requires a multi-faceted approach ensuring everyone you work with practices security at all times.
Strategically Cyber Security requires:
- Good Governance and Leadership
- General and Tailored Training
- Technical and Stakeholder Controls
- Designated Roles and Accountability
- Strict Regulation and Enforcement
- Budget Allocation
- Consistent Review
- Stakeholder Buy-In
If you do not take the above into account then your business will remain vulnerable and you will not be able to provide Security Assurance to people and organisations who you want to work or collaborate with. Your ability to grow will be stunted and you risk jeopardising your own business.
SO WHAT NEXT?
Let’s face it the exciting parts of business such as branding, marketing and sales will always be given much more attention than the boring parts, which for many includes Cyber Security. However from one Cyber Attack all the exciting stuff will most definitely cease and all the hard work put into those activities will be lost, why would you put your business in such a position?? At Logic to Create we believe that the more attention you pay to Cyber Security and protecting ALL your business activities the more value you will add to your business including all the areas that excite you the most. Embedding Cyber Security in your everyday business practice will show a commitment to protecting your business and this is one of the reasons why Logic to Create provides seminars, workshops and consultation to business owners, encouraging them to learn, assess and adopt security best practice to survive the digital age.