In this new world of hyper connectivity through web-enabled commerce, how security conscious are our companies? More specifically, do start-ups and SMEs understand the nature of operational risk management in respect of cybersecurity? Historically, start-ups and small businesses have neglected this area of security, as it was thought to be the remit of larger retailers, international financial institutions, and government.
Cybersecurity is an important element of operational risk management for SMEs. To paraphrase Sir Francis Bacon (English philosopher, jurist, author and statesman in the 16th and 17th centuries), ‘Information is power’. To put one element of operational risk management into basic terms, for the purpose of this article cybersecurity is: being protected against criminal or unauthorised use of electronic data, and/or the measures an organisation takes to achieve this.
Attacks on SMEs are increasing, due largely to the ease of access to small businesses' data and to many managers being put off by the complexity of cybersecurity, which leaves them overwhelmed with options and uncertain about how to move forward. All of this yields worthwhile payoffs for the unscrupulous.
It is on this basis that Management Today, in association with Blackthorn Technologies, set out to answer the question of British companies' readiness to protect against cyber attack in their survey, the MT/Blackthorn Cybersecurity Report.
One of the questions posed in the survey was, ‘Is cybersecurity and data protection regarded as a serious priority by your organisation?’ The evidence would suggest that many British businesses are still not fully aware of the potential implications of poor cybersecurity:
- 1.5% Do not know
- 5.1% No, it is not a priority
- 25.4% Yes, it is a priority but secondary to commercial issues
- 68.1% Yes, it is a key priority
SMEs must be mindful that the days when it was enough to install a firewall and ensure that important data was not left unsupervised are gone. In 2014 the vast majority of businesses are passing increasing amounts of important, and potentially sensitive, data via the Internet, and electronic transactions are the norm.
The issues faced by SMEs are mostly no different to those faced by prominent multinational companies, such as Google and Facebook, and can range from accidental loss of data and virus and malware infections to malicious hacks and fraud, as well as DDoS (Distributed Denial of Service) attacks, which are attempts to make a machine, or network resource, unavailable to its intended users. It is generally agreed, by experts, that the threat is real, and is growing at an exponential rate.
It should be noted that basic cybersecurity does not always need to be outrageously expensive for smaller organisations; the following methods can be employed without any real expertise:
- Continuous antivirus software updates
- The use of strong passwords, containing a mix of random alphanumeric characters and symbols
- Never disclosing personal information to anyone
- Secure mobile devices: mobiles and laptops can have encryption software installed, as well as remote wiping, where available, to delete information if a device is lost or stolen
- Regular backups and monitoring of information
- Be aware that emails, IM, and surfing the web can all be a threat
- Train staff to ensure they are mindful of your organisation's protocols and safe operating practices
All businesses, whatever their size, have a duty to protect clients, staff and business information to the best of their ability. The financial risk, as well as potential reputational damage, is beyond measure; take heed and take precautions. If you are unsure what to do, speak to an expert for some advice.