How to protect your SME from hackers

Many small to medium businesses have been intimidated by the recent cyber attacks on larger brands, and with good reason! In late April, Sony suffered one of the “largest ever Internet security break-ins”, with 77 million user accounts stolen, including information such as names, addresses and credit card details. The data breach is estimated to have cost Sony 115 million Euros, on top of significant brand damage.

According to Symantec, data breaches cost the average company $2 million (nearly 1.4 million Euros) per incident. If you’re a small business faced with that sort of bill, you could see yourself going under very quickly.

With more pressure being put on SMEs to protect themselves from hackers, it’s a wonder that so little security work is actually being done in the SME sector. Many small businesses are yet to protect themselves correctly from hackers, due to two main assumptions:

1) They believe that they won’t be targeted. Surely hackers are only going to go for big brands? They have more to lose and therefore more to steal.

2) Preventative methods of keeping your business’ information secure are too costly. Why should you pay tens of thousands of Euros in consultancy fees for something that might never happen? Spending money on a problem that isn’t even there is a waste of money.

Both these assumptions are wrong.

Hackers will attack any website or database that has something worth stealing or exploiting. A burglar doesn’t just rob mansions; they’ll break into any house or flat purely on the basis that they’ll come away with something for free. The same principle applies to hackers – if your business has something worth stealing (e.g. customer names, addresses, credit card details), then you could be a victim too.

With regard to costly preventative methods – this isn’t always the case. Sure, if you’re a large company and can afford a consultant to come in and tell you what the best method would be, then those options are out there. But there are also options for SMEs who have a low budget. These are often in-house solutions that are cost-effective, easy to deliver and provide a secure way of protecting your business from a cyber attack or data breach.

So, to protect your business from hackers, you need to make a number of small changes:

  • Make sure you have basic but up-to-date protection on each computer – firewalls for example
  • Encrypt any personal data, such as customer information
  • Make sure all your employees are using strong passwords and screensavers. We’re not just talking about 6-letter passwords, but passwords of at least 9 characters that MUST include letters, digits, special characters and/or capital letters
  • Secure wireless networks
  • Back up information
  • Increase staff awareness of information security: put up posters, set out rules that everyone can access
  • Read more in Ten Rules of Information Security for the Smaller Business

These small steps are achievable for even the smallest of businesses and will provide you with basic protection.

To take the next step you should think about ISO 27001. ISO 27001 is the best practice specification that helps businesses and organisations throughout the world develop a best-in-class Information Security Management System (ISMS). It can help organisations create a framework that is compliant with many regulatory standards. To understand more about information security and ISO 27001, read Alan Calder and Steve Watkins’ IT Governance: A Manager’s Guide to Data Security and ISO 27001 / ISO 27002, Fourth Edition.