Why SMEs should Care About Cyber Security
Cyber security is a pressing issue
It was a turbulent time for business across the globe in 2020 and, whilst the situation is improving in 2021, there are still obstacles to overcome. Not least of all is the ever-present issue of cyber security: an average of 57% of SMEs admit to a breach in 2020, and 86% of organisations expect attacks to increase going forward.
As business focus on recovering revenue streams and driving growth, investing in cyber security is often overlooked. But with the risk of cyber attacks, data breaches and fines all more acute than ever, covering the basics of cyber security is essential for SMEs in 2021.
Stories from the frontline of SME cyber security
“Security doesn’t matter because my employees are remote”
Remote working opens new security vulnerabilities
This is sadly a very popular position, and one that is actively opening up businesses to an increased risk of cyber attacks. SMEs are still catching up with the landscape change to remote-first working practices, and until that process is complete, the fact is that remote workers can actually create more security risk to your business. This is because your staff are now operating outside the walls of whatever security investment you’ve previously made – and are doing so with reduced oversight. The scope of your security has gone from your office premises to every remote worker’s home and their Wi-Fi networks.
For example, remote staff are at increased risk of phishing attacks, and this type of attack jumped by 350% in 2020. And as we progress further into 2021, the Bulletproof Security Operations Centre is still defending our customers against continued high volumes of phishing attempts.
The cloud is often held as an example of why security doesn’t matter with a remote workforce, but worrying numbers of SMEs never bother to verify that their cloud services are securely configured, or ascertain who’s responsible for what. The grey areas caused by this so-called ‘shared responsibility model’ introduce the most dangerous security vulnerabilities – dangerous because they’re unknown, untested, and unmitigated.
Top tips for securing your remote workforce
Looking for help securing your remote workforce? This Bulletproof blog gives helpful best practice advice for SMEs, and includes an insightful webinar from our Co-founder!Learn more
“Revenue is already down - I don’t have budget for this”
Cyber security services are accessible to all businesses, even start-ups.
Despite the well-publicised benefits associated with SME cyber security (not to mention the risks of ignoring it), our consultants report that impact to budget is often the number one concern for businesses in 2021. But basic cyber security services aren’t expensive, even for small start-ups.
Penetration tests and VA scans are cheap to procure, and can make a huge difference to your security posture. Meanwhile security training is quick, affordable and can be delivered in a way that harmonises with your business practices. Training is also a secret super weapon – the most basic training can turn your staff into a proactive line of cyber defence that can stop all opportunistic attacks. It might only take half a day to effectively train an SME’s entire workforce.
Cyber Essentials is a Government-backed security certification that covers fundamental security measures that apply to every business – from tiny start-ups to multinational enterprises. And when Bulletproof packages for Cyber Essentials packages start from only £295, the cost argument doesn’t stand up.
Every organisation can find budget for these simple steps – especially when they will literally save your business from ruin.
“I don’t have skills in-house nor the budget for dedicated cyber hires”
Find a trusted security partner and get an affordable managed security service
Cyber security is a niche set of diverse abilities and there’s a well-publicised skills gap in the market, all of which make hiring in-house security personnel a difficult and expensive proposition for SMEs. The solution is to hire third-party specialists on a retainer or project basis. Find a cyber security partner with a good reputation, who demonstrates an awareness of SME challenges, and make the most of their experiences. Afterall, they’ve solved this problem before for other businesses like yours. This will deliver a high-quality service without the considerable expense of hiring in staff.
Your free 10-point SME cyber security checklist
For more best practice tips on how to get started with your IT security, our free 10 point security checklist takes you step-by-step through the basics.Download now
So what do SMEs really need to do?
Dangers of ignoring cyber security
Put simply, if an SME isn’t doing the basics then it’s just a matter of time before you’re hacked and your data is breached. In fact, recent research by Vodafone says one million small businesses at risk of collapse due to cyber security threats.
Regulatory action is also an issue to bear in mind. The ICO regularly fine companies big and small for breaches where personal data is affected. Falling foul of GDPR or PECR regulations can have large financial repercussions. As mentioned above, BA and easyJet were both fined around £20 million for their breaches, which grabbed headlines around the world, but many smaller businesses are issued with significant monetary penalties every single month.
But there’s more for an SME to consider beyond fines, reputational damage and data breaches – cyber attacks can also slow down your app development or leak your killer first-to-market ideas. Don’t forget that sometimes hackers just want to cause damage. If you’re one of the 57% of UK organisations who are targeted by ransomware, and you’re not perfect with your backups, you’ll find that you no longer have a business left to salvage.
When it comes to cyber security, the risks are real, but so are the benefits. Getting the basics right is affordable for all sizes of SME and will go a long way to keeping your business stable and in a position to concentrate on growth. Plus there’s the added benefit of enhancing your reputation and building trust with a customer base that’s increasingly aware of security and privacy. This is why SMEs should care about cyber security.
Our experts are the ones to trust when it comes to your cyber security
ISO 27001 and 9001 certified
Tigerscheme qualified testers
PCI DSS v3.2 Level 1
24/7 on-site Security
Get a quote today
If you’re interested in our services, get a free, no obligation quote today by filling out the form below.