"We're a tiny company, why would anyone want our data? It's not like we're making tens of millions in profit"
Unfortunately, I'm familiar with this mindset.
It was only once I got rid of this mindset that I was finally able to give the cyber threat the respect it deserved.
The thing is, the longer we pretend it doesn't exist, the easier it becomes for cyber criminals to make our businesses targets.
Essentially, it's like heading out to work and leaving your front door wide open all day on purpose.
For the sake of your business, here's the mindset you need to adopt instead.
"My business will be breached"
And yes, you did read that correctly.
There is absolutely no doubt in my mind that you will get breached in the future.
With around 32% of businesses in the United Kingdom being breached between April 2018 and April 2019, it's possible that you'll be part of the statistics.
The CEO of the National Cyber Security Centre (NCSC) wholeheartedly agrees.
He has already said it's a matter of when, not if, your business will be breached.
It's now a question of whether you're prepared for the inevitable.
Think about it for a second.
You use technology every single day, your team uses technology every single day. You rely on it to make sure your business can function.
The amount of information, personal and sensitive data that you're risking by not utilising cyber security means you're putting your entire business at risk.
Sure, the business will come to a standstill and you'll have wasted your team's time but you'll feel the impact in a much worse way.
In fact, it won't only be you that feels this impact.
The people you don't want to upset, the people you want to keep as happy as possible, will be livid when they realise you've been breached.
Of course, I'm talking about your clients.
Your clients are right to expect their data to be in safe hands and the businesses who look to avoid cyber security will ultimately have less business in the future.
Even as an SME, your business still needs to utilise cyber security, otherwise the consequences can be catastrophic.
1) Imagine being fined 4% of your turnover because you didn't have any cybersecurity in place after being found to be in breach of GDPR.
Ask yourself, would your business survive if it lost 4% of its turnover?
I do hope the answer was yes because most small businesses wouldn't.
2) Your organisation will be put on pause.
Just recently in November 2019, a French hospital which experienced a cyber-attack were incredibly de....
If they had had the foundations in place, with documented processes and policies for their staff to follow long before the attack, they wouldn't have had to resort to using pen and paper to file life-threatening information.
3) The damage to your reputation is, in some cases, defining.
As I've said earlier, your clients are everything for your business.
When you're breached, you have to notify ALL of your clients within 72 hours about the breach.
If your clients then hear that you didn't have anything in place to protect their data, all that trust you've spent years building, will be gone.
They won't want to do business with you, they'll just find a competitor who cares about compliance and cyber security.
In fact, most businesses nowadays need you to have the certification in order to work with them so they can ensure their supply chain is secure.
Now you know you can't ignore cyber security, what do you do?
Contrary to popular belief, you don't need a £100,000 investment or a team of cyber security specialists to take care of your business's cyber security.
You don't need to be Mr. Technical to be able to improve your cyber security either. Anyone (yes, even you) can do this.
So here's what you can do right now, this very moment, to make you safer.
1) Develop a strong password policy.
Whilst it's important to look into building a detailed information security policy in the future, right now, you could set out a few password rules for your staff which would make your company far less susceptible to being breached.
2) Encrypt your confidential data
People hear the word "encrypt" and run because it's a technical term. In truth, it's quite simple.
Encryption simply means hiding your data and it provides another hurdle for cyber criminals.
I first learned about encryption in this beginner's guide to encryption so feel free to check it out, it's truly insightful.
3) Be selective with access
It's really important that you assess the permissions of your staff. Does your brand new intern have access to the confidential, C-level data?
Once you sort out the permissions, you'll reduce the risk of social engineering. This means if a hacker breaches your brand new intern, they won't be able to access the highly sought-after information.
4) Update your software
When you refuse to update your software, you allow the holes in software to remain on your systems. There are brand new patches, fixing security holes, every single day.
Make sure you: