Out with the old, in with the new
As business owners, many will reminisce about that bygone era when customers walked into your shop/office and paid for your goods or items (usually in cash) and left feeling satisfied with their purchase. In today’s world, how we do business has changed significantly.
Many businesses now use e-commerce facilities to display their products in a digital environment and reach customers around the world. Gone are the days in which we solely attract customers via our shop displays, our premises’ fresh lick of paint, our interior set-up (but, of course these are still important) and in are the days in which we build attractive websites, share enticing posts on social media and target customers via email.
Customer expectations have changed. There is a need to deliver a personalised experience, quick response times, ease of purchase and an ability to service customers across the globe. This ‘always on’ approach has pushed many businesses to embrace technology often without due consideration for the risks involved.
With the transition from traditional to digital comes the introduction of new threats – cyberthreats. A term we so often hear of but so rarely take the time to think about. What does it mean? What can you do to protect your business, your customers? How likely is it that cyber criminals will attack my business?
Put simply, these are threats made to your business via digital means to extract money or information from you. Interestingly, the biggest financial gain for cyber criminals is through access information/ company data. Customer email accounts details can attract bids of between $5-10 per account on the dark web (where cybercriminal trade) with cloud service accounts details such as those exposed in the Facebook or LinkedIn breaches, reaching almost $15 each.
Fact or myth
There are many myths associated with cybercrime and the most common one is that ‘my business is too small to be a target’. 51% of SMEs in Ireland suffered a cyber-attack in 2020 according to a recent PWC survey with 61% of those having at least two separate incidents. In reality, it is not the case of ‘if we have an attack’ but ‘when we have an attack’.
There is an ever-growing need for businesses to take cyber security seriously (which, simply put, is what you need to keep your network, servers and data safe from unauthorised access or criminal use). Since the Covid-19 pandemic was first declared, cyber crime has increased by 600%.
What many business owners fail to appreciate is that there is a legal requirement to protect the data you hold. The General Data Protection Regulation (GDPR) which was introduced into Irish law in 2018 requires all businesses to not only protect the data that they hold, but requires them to report a data breach within 72hrs of it taking place. The Data Protection Commissioner in Ireland dealt with more than 6628 valid security breaches that occurred in businesses in 2020 alone according to the Irish Data Protection Commission’s Annual Report.
Good cybersecurity is an essential
Cybersecurity is more important than ever, with the proportion of businesses attacked surging from 38% to 43% during Covid-19. In these difficult and uncertain business times, SMEs are looking for effective ways of protecting their business and employees. One of the most effective ways to do this is to invest in improving your cybersecurity. For many small or medium business struggling with cashflow issues, a cyber attack could be disastrous for the company. A substantial number of SMEs that experience a cyber attack will go out of business within 6 months, according to security expert Robert Johnson from Cimcor. Yet many small businesses fail to see a return for their investment in cybersecurity.
Setting a cybersecurity budget
I’ve heard it said that ‘if you are spending more on your weekly coffees than you are on your cybersecurity budget then you should think again!’ If you do some simple mathematics, you can easily see that a €4 coffee once per day for a sole trader would give a security budget of over €1000 per year (which is healthy!). Good cybersecurity could prevent reputational damage to your business. Security doesn’t have to be expensive, but it should be fit for purpose for your businesses. We’ve listed the top ten cyber essentials for a small business to consider below to provide a basis for assessing your current cybersecurity.
Top Cyber Essentials
- Employee Training – Employees can act as a weak link in exposing a company to cyber-attacks. Providing cyber training can minimise the likelihood of an employee opening a phishing email, for example. Setting procedures in place for employees to follow in the event of an exposure is essential.
- Spam Filter – Limits the intrusion of phishing emails which cyber criminals use in the hope that just one employee (that is all it takes!) unwittingly clicks it.
- Two-Factor Authentication and Passwords – Prevent unauthorised access to company devices and heighten security to sensitive information by implementing two-factor authentication and strong passwords. Advised to change passwords regularly to prevent breaches due to lax behaviour.
- Antivirus – Install an effective anti-malware software on all company devices to increase protection, including company devices employees are using whilst working from home.
- Patch Management Software – Manages the installation of updates and runs scans afterwards to close security gaps that have been detected.
- Bring Your Own Device Action Plan – If employees are using their own mobiles/laptops to access work information, like emails, ensure their devices are pin-protected, data-encrypted, and not accessed by others in their inner circle. Have procedures in place for lost/stolen devices. 23% of cyber-attacks originated from employees accessing company data via their phones in 2020.
- Secure Wi-Fi Networks – Never access company information whilst using a public Wi-Fi network, ensure. Make sure networks used are secure, encrypted and hidden. Private VPNs are advised.
- Limited Access – Employees do not need access to everything (this is a traditional way of thinking.) Only grant access to information employees require to fulfil tasks.
- Backups – Don’t just store data on one hardware system. Avail of cloud services which store data electronically so that, in the event of a fire/unplanned incident, important data is not lost. Backup automatically or at least weekly.
- Secure Payments – Work with trusted banks or processors that have been validated and operate using trusted tools and systems.
Benefits of good cybersecurity
- Limits the exposure to cyber threats and potential disruption.
- Instils both consumer and supplier trust and confidence in your business.
- Enhances staff’s security awareness.
- Allows for the focus on other key areas of business.
- Leaves room for innovation, adding to growth and revenue.