With almost all businesses processing and storing their accounting and other data electronically, the issue of Cyber Security is one that cannot be ignored. The risks to a business of a breach include loss of vital information, business disruption, incident response costs and other financial loss as well as potential legal implications.
The Department for Business Innovation & Skills have released the 2014 Information Security Breaches Survey. Some of the statistics quoted make sobering reading:
60% of small businesses had a security breach in 2014, and the median number of breaches suffered by a small organisation was six. The average cost to a small business from its worst security breach in the year was £65k-£115k. Only 35% of small organisations have insurance that would cover them in the event of a breach. 66% of respondents to the survey had contingency plans in place to deal with the worst incident of the year (but only 43% of contingency plans were found to be effective).
There are a few major security threats that small businesses should be particularly aware of:
Infection by viruses and malicious software
This is the most common type of security breach suffered by small organisations, accounting for 45% of breaches in 2014 – and this number is growing.
This can be partly mitigated by having good, up-to-date anti-virus software and making sure that all computers are kept fully up to date with security patches, but this does not provide 100% protection.
Cyber criminals often use a technique called phishing: sending an email that appears to come from a legitimate source, often in conjunction with a website that appears authentic to the unwary, which can then be used either to infiltrate the company’s systems with malicious software or to gather sensitive data. The main defence against this type of attack is staff awareness and training to spot it.
Poor passwords remain a significant threat to security. SailPoint’s Market Pulse Survey revealed that 56% of employees reuse passwords for the personal and corporate applications they use daily, and as many as 14% of employees use the same password across all applications. On average, employees use only three different passwords and 20% share them with their team members. The annual SplashData tables of the most commonly used passwords reveal that “password” and “123456” tend to stubbornly remain at the top of the list…
The risks relating to poor password usage can be mitigated by implementing a strong password policy on your core network and training staff on methods of selecting a secure password.
Network and website vulnerabilities
A vulnerability is a weak spot in an organisation's network that might be exploited by an attacker. For example, failing to carry out regular system updates is a vulnerability. Making sure your network and website have been designed with adequate security is a job for the IT experts, and will generally cost far less to carry out than the loss suffered if an incident occurs!
For more information, contact Paul Hutchison at firstname.lastname@example.org.