Cybersecurity and the rising risk to SMEs

A recent report highlighted that 80% of small businesses in the UK think they aren’t of interest to cyber criminals and don’t believe they need to protect their businesses leaving them vulnerable to attack and even fines for GDPR issues.

The true figures actually paint a very different picture as nearly two-thirds (61%) of SMEs in the UK had some form of cyberattack in 2020 and one-in-six of these firms stated they almost went under as a result of these attacks. 

Cyber Security is one of the biggest threats to SMEs in the UK and owners need to start taking it seriously. The pandemic forced millions of businesses to quickly adapt their services and set up an online solution. For many of these SMEs they have considered the potential security and GDPR issues involved with holding personal and business data on vulnerable systems.

Any UK business that has clients, employees or suppliers and especially if they have an online solution possess a wealth of personal information, but many don’t know what to do or where to start when it comes to securing that data. So, I have put together an overview of how the internet works and some tips to help these small businesses stay safe online.

Tips for keeping your business safe online

· Behind all the buzzwords, the internet is pretty simple: it's billions of computers (well, the technical name is 'servers' but servers are just big, fast computers that serve information) all connected to each other that everybody in the world can access with their own computers.

· The reason the internet is so wonderful, and absolutely awful at the same time, is because there is no central organisation that controls the internet. All you need is a computer and a connection to the internet through an internet service provider. If you have this, you start your business selling shoes or drugs.

· However, as we have recently seen with most of the internet going offline because of one organisation having an issue (Fastly), a small number of organisations have gained a monopoly over certain parts (which is what always happens in unregulated markets, but we won't go there), such as ICANN which issues domain names like naqcyber.com.

· This makes our lives and the livelihoods of millions of businesses completely dependent on a relatively small number of businesses and organisations. If Amazon or Google was to suddenly go offline for a prolonged period of time, the consequences for society (as well as my Netflix addiction) could be catastrophic. 

One thing we are yet to mention of course is hackers and criminals. As we said, the internet by design allows anybody to have, theoretically, access to everything on the internet and this means cyber hackers can access everything on the internet if they know-how. Every business is vulnerable, and as a business owner you have a responsibility to keep your data safe, and legally you can be impacted if you aren’t GDPR compliant.

Hackers are always on the lookout for vulnerabilities that they can exploit. As you can imagine, in such a chaotic system there is a 100% chance that there will be a significant portion of that system that is vulnerable. As the number of computers and users increases, the greater the number of targets (whether they are computers or people) that can be exploited.

 So, what can be done about this? The Pandora's box that is the internet was opened a long time ago and we are too far gone to ever close it again but there are some things we can demand of our governments and large enterprise, as well as actions we can take ourselves, to protect society, our businesses and ourselves, to ensure it doesn't get (even more) out of hand

Cybersecurity solutions: Security and Resilience

Firstly, you must take the security of your company, its data and its people seriously. There are millions of people across the world who want to hack you. Whether that is for a political reason, to defraud you or simply because they want to see the world burn. 

Even large companies with massive security budgets still get attacked. Luckily, you can do a lot to protect yourself without it costing the earth. Make sure you protect your work computers, make sure you comply with laws like GDPR (whilst they can be somewhat onerous, they are there to make sure all of our data is protected) and ensure your team know what to look out for, in terms of phishing emails, and know what to do (updating their computers, not visiting dodgy websites etc.)

Then there is resilience. There is one fact in IT: something will go wrong. You must ensure that you plan for worst case scenarios at your business. Not just caused by hackers or human error, but also in the case of one of your suppliers (such as Amazon or Fastly) going offline. You need to work through everything that can go wrong, understand the impact and, for those things which you cannot tolerate losing, ensure you have a backup plan. 

It is critical that all small businesses start taking this seriously and consider investing in ongoing protection and advice in the same way they would hire an accountant to manage their accounts.

SIX leading cyber insurance companies of 2021

• Recommended for healthcare professionals: The Doctors Company
• Recommended for law firms The Hartford Steam Boiler Inspection and Insurance Company
• Recommended for nonprofits CyberPolicy
• Recommended for retailers: Travelers
• Recommended for SMEs: Naq Cyber
• Best overall: AmTrust Financial

Information by Investopedia

*About the author: Chris Clinton is an experienced cybersecurity expert, with 10 years of industry experience. He is currently the CTO of Naq Cyber, a cybersecurity company specialising in SMEs and based in Holland.