It’s no secret that small businesses are often over-stretched with their workload. That’s the nature of running a small business. Very often a business owner is expected to also be an accountant, HR manager, IT expert as well as the boss. So, it’s also no surprise that this can leave small business owners vulnerable to unexpected threats like cyber security attacks.
To understand the challenge better, we asked SMEs what they thought about their own cyber security. Our BFS Q4 SME Confidence Tracker found that nearly three quarters (72%) of businesses do not have robust cyber security processes in place and even more worryingly, over one in ten (15%) have no cyber security processes in place at all. This leaves businesses vulnerable to cyber damage such as having valuable data stolen.
Despite their lack of protection, our research shows that a significant number of SMEs do understand the seriousness of a potential cyber breach. Almost a fifth (18%) of businesses told us that they would either lose a significant amount of revenue or go out of business if their online systems went down for as long as a week.
Whilst many SMEs may think they’re too small to be a target for cyber thieves, this is not the case. Any Internet-connected business is a target. Freely available government advice is vital for SMEs that want to achieve a base level of protection against threats. Since cyber threats have become more common, the government has placed a higher priority on informing and updating businesses of all sizes on the ways they can protect themselves through its Cyber Essentials initiative.
However, there are several extra steps that SMEs can take to make sure that their defences are even stronger. Our research found that less than a third (29%) of businesses have trained any of their employees on how they can defend themselves against cybersecurity risks such as phishing (where someone tries to obtain secure information by posing to be a reputable person or organisation) and ransomware (where a victim’s data is encrypted and made inaccessible unless a payment is made). This is clearly a blind spot in the fight against cybercrime and should be a priority for businesses who want to remain safe online.
Upskilling staff should be high on the agenda for companies that have not previously thought and acted on their cyber security. A good base understanding of the threats and how to deal with them will reduce risks significantly.
If an SME believes one password or a simple firewall alone can act like a chucky padlock on their front door, then they will be caught out when a hacker comes in through one of the many potential windows to their business critical data.
Tom King is head of IT assurance at Bibby Financial Services (BFS)