Think about the cyber security of your business. Are you confident that your data, devices and operations are protected? Or are you worried that you’re one rogue email away from disaster? We spoke to Empiric Partners’ cyber security expert, Peter Elliot, to find out what makes small businesses particularly vulnerable.
Peter, we all know we need to take cyber security seriously, but are the risks for SMEs really as high as we’re told?
I’m afraid they are. It sounds dramatic, but every business is at risk of cyber-attack, and this risk increases every single day. Criminals are finding new ways around security measures, and the only way to protect your organisation is to be aware and keep up with the latest approaches to protecting your data. Here’s a shocking statistic: nearly 40% of UK businesses* suffered a data breach in 2022. If that doesn’t make you think about your cyber security needs, then you’re braver than most!
So why do so many businesses not take this seriously?
I’m not sure that they don’t take it seriously, but cyber security is one of many competing needs of a business: leaders are busy, and there are often other priorities. Many SMEs think they’ll get to it eventually and hope that they’ll be okay in the meantime. Hope is not a strategy for success! Unfortunately, it’s a bit like insurance: we think we’re covered until we have a problem – like a car being stolen. We realise too late that we are underinsured and our perception of what we need changes dramatically. Businesses that have experienced a cyber breach take their cyber security extremely seriously from that point forward.
What’s the first thing you advise businesses to do?
That’s easy: get Cyber Essentials. It’s a UK Government-backed national standard that will protect your business against the vast majority of cyber-attacks. If you’re worried about the security of your business, it’s a really thorough way to identify where your risks are. At Empiric Partners, I work with SME clients on this in two ways. If they don’t want Cyber Essentials certification, I guide them through the process and help them plug the gaps that make them vulnerable. More often than not, clients then decide to apply for certification, and I also help with this. Not only does this give them validation of the work they’ve done to improve their cyber security, they also have a way to demonstrate to their customers and suppliers that they take their cyber security seriously.
But if the risks are changing daily, how do businesses keep up?
That’s the beauty of Cyber Essentials. I set my clients up with tools that help them stay compliant on a daily basis. That means that when you go for your annual recertification, you can be confident that your systems and processes are already up to date and working as they should be, so your risk is minimised.
What’s the weakest link for most businesses?
I’m sorry to say that it’s staff members. Business is all about people, process and technology, and cyber security is no exception. Your tech can go some way to protecting you, but your staff are the frontline. I heard a great phrase about the importance of training your employees in cyber awareness: you’re building the human firewall. The reality is that when criminals find technology barriers in their way, they go after individual people. Here’s another scary statistic for you: 83% of data breaches start with a phishing email*. Helping everyone know how to spot these is just one of the many reasons for cyber security training.
Finally, can you give us your three top tips for getting an organisation in good cyber security shape?
Just three? Now that’s a challenge – I have dozens! But for now, here are my top three.
- Use multifactor authentication (MFA) wherever you can. You might not want to hear this, but passwords are inherently insecure: they can be guessed, copied, stolen…they’re pretty useless when it comes to protecting your systems. MFA is always the best option.
- Train your employees to understand the risks and to be vigilant. If they can spot a phishing email, that’s a great first line of defence to protect your business.
- Remember that it’s not just about the cyber security of your business. Your staff need to make sure that their personal data is secure – emails, bank accounts, social media. Encourage them to use multifactor authentication on all their personal accounts. Criminals won’t hesitate to target your organisation through your team members, so helping them will help you too.
* Cyber Security Breaches Survey 2022 – Gov.UK
To reduce the vulnerability of your business to cyber attack, talk to Peter Elliot at Empiric Partners. We’ll work with you to understand your risks and put solutions in place to keep your business safe.
Contact us for more information: info@empiricpartners.com or 01256 338440.