A good cyber security strategy should be built on firm foundations. As the sermon goes, you can’t build your castle on sand and expect it not to sink.
Any organisation can be targeted by cyber criminals. However, SMEs (small and medium-sized enterprises) are at higher risk of being hacked than their larger counterparts. Criminal hackers know that larger organisations are better protected, whereas SMEs often lack the resources to protect themselves against evolving cyber threats.
However, before spending money on the latest security tools or consultants, consider what you could do with the resources you already have.
The risk to small businesses
The results of 2017’s Zurich SME Risk Index revealed that almost one in six SMEs fell victim to a cyber attack within a 12-month period. Of the businesses that were affected, more than a fifth reported that it cost them in excess of £10,000 and one in ten said it cost more than £50,000.
On the flip side, robustness of cyber security is now a genuine criterion for winning and maintaining business contracts. A quarter of medium-sized businesses and one in ten small businesses reported that they have been directly asked by a prospective customer about what cyber security measures they have in place.
Cyber Essentials – the cyber security starting point for all SMEs
In light of these findings, every SME owner, together with senior employees, should take a considered look at their current levels of protection.
The Cyber Essentials scheme provides an excellent tool for organisations taking the first steps to improve their security. The scheme requires businesses to review their protection policies and provides a set of minimum standards to be adhered to, including:
- Using a firewall to secure your Internet connection;
- Choosing the most secure settings for your devices and software;
- Controlling who has access to your data and services;
- Protecting yourself from viruses and other malware; and
- Keeping your devices and software up to date.
With prices starting from as little as £300, the Cyber Essentials scheme provides SMEs – or any organisation, for that matter – with a cost-effective assurance mechanism to help reduce risk and demonstrate that the most important basic cyber security controls have been implemented.
Free download: Cyber Essentials: A guide to the scheme
For further information about the scheme and how it can help you guard against the most common cyber threats, download our free guide. You’ll learn about:
- The current state of cyber threats;
- The business benefits of achieving certification;
- The process of undergoing the CREST-accredited version of the Cyber Essentials scheme; and
- The easy way to get started with the Cyber Essentials certification process.
The EU GDPR (General Data Protection Regulation) introduces a duty on all organisations to report certain types of personal data breach to the ICO (Information Commissioner’s Office). You must do this within 72 hours of becoming aware of the breach where feasible. IT Governance can help you achieve Cyber Essentials certification at a pace and for a budget that suits you. Protect your organisation from the financial penalties and losses associated with data breaches and save up to 20%.