Over the past few years, targeted cybercrime has moved on from being a problem solely for large corporates, and it has increasingly infiltrated the small business landscape. With the rise of Big Data, even small businesses are now responsible for vast amounts of sensitive customer information, collected through interactions including online purchases, social media and website browsing. Securing your business has never been more necessary but difficult.
When you couple this with the fact smaller companies do not have the same IT security budget as larger organisations, it is not surprising that cybercriminals are finding them an easy and lucrative target, with 41% of small businesses falling victim to cyber attacks last year according to the Federation of Small Businesses.
Fortunately, as this problem grows, small business owners are starting to become aware of their own vulnerability to attacks, and many are taking action against them. A study from McAfee recently uncovered that 68% of SMEs are making a concerted effort to educate employees about security risks and threats and over two-thirds of companies provide training in this area. But if small business owners are investing in protection against cyber attacks, why do they continue to suffer from costly security threats?
The threat from within
While small business owners may be afraid of a cyber attack, the study revealed a quarter of employees do not share this concern. It appears that even specific security training from cautious employers is not enough to encourage them to understand the risk, as the results showed that 58% of employees who had been victims of email hacks had previously received training on email security.
This is not an issue that can be taken lightly. Small business employees are increasingly trusted with sensitive data that could be damaging to both customers and the overall business, with 50% of survey respondents regularly handling client contact data, and the same number of employees holding invoice figures.
Here are some top tips to ensure that the security concerns of the CEO resonate throughout the whole business:
Know your data.
Many small business owners are not aware of all locations in which their confidential data is stored. Locate and limit access to private data, so that it is contained securely.
Train your employees.
While some employees will ignore guidelines, clear training is the only way to teach your employees exactly what you expect from them when it comes to cyber security. Employees are more likely to ignore guidelines through lack of clarity than actual malice. The more consistent and clear this message is, the more employees will adhere to it.
Inventory your devices.
The rise of Bring Your Own Device culture means that employees and business owners can be switched on at all times. This is a great benefit to SMEs that need to be on-hand to grasp any opportunity that comes their way, but it does make companies increasingly vulnerable to a cyber attack. Identify and secure all devices your employees use, including USB sticks, smartphones, tablets and laptops.
Protect your network.
With employees logging on at various times and places, this is also a huge threat to the network. Protect network access with virtual private networks (VPNs) and firewalls.
Secure your physical devices.
While online security is, of course, crucial, you cannot underestimate the importance of physically protecting your property. Keep your servers and unused devices safe behind locked doors with limited access.
Protect your website and ensure safe browsing.
Reassure your customers with independently-qualified secure logo positioned on your homepage and protect employees with strong anti-malware software.
Properly dispose of end-life devices and documents.
Physically shred old paper documents (read about document security here) and digitally shred data on discarded devices.
Screen employees thoroughly.
Employees are trusted with a vast amount of confidential business and customer data, so it is important to know who you are dealing with. Conduct thorough background and reference checks before hiring new employees.
It is vital that small business owners communicate the true threat of cyber crime to their employees and promote clear guidelines on how to deal with the issue. An SME is only as secure as its weakest employee, so consistency and collaboration across the whole company is the key to a protected business.