We’ve all heard of the most recent cyber attacks; Ashley Madison, David Jones and K-mart to name a few. What many people haven’t heard is that in 2014, 60% of targeted attacks hit small and medium businesses1.
So why don’t we hear about the smaller scale incidents? In Australia, it’s not mandatory to report cyber attacks. To avoid reputational tarnish, customer dissatisfaction and the chance of repeat attack, it’s no surprise that most businesses choose to stay quiet.
Not only does being a small or medium business make you a greater target, the consequence is also greater than that of a large enterprise. According to research from the Ponemon Institute2, the cost of a cyber attack costs SMEs $755 per capita, more than double the $282 per capita that larger organisations get struck with. And according to a different study3, 60% of small organisations go out of business within 6 months of a data breach.
So why are these criminals targeting small and medium businesses? Cyber attackers know that many small and medium businesses don’t have adequate funds, resources or awareness to protect themselves from even a simple attack.
SMEs are unaware and unprotected so are naturally vulnerable. While all of these statistics seem grim, here’s one that can help every single organisation, irrespective of size or sector:
95% of all security incidents involve human error4.
Now the main problem has been identified, here’s how to fix it: Strengthen your staff.
Take basic steps to protect your company by training your staff and boosting device security. A small amount of effort will go a long way in deeming your businesses as cyber aware, prepared and less as an obvious target.
Still unsure where to go from here? Good security is a balance of people, processes and technology. While expert third party services, such as those offered by RMSEC, are often required, the “people” factor always needs to be a priority.
These tips will strengthen your business, but won’t touch your budget.
What everyone in the company can do:
-‐ Increase password security – never use “password” and don’t repeat passwords for multiple accounts. Include a combination of upper case and lower case letters with numbers and symbols and change passwords regularly.
-‐ Use locks on all devices that require password entry.
-‐ Do not open emails from unknown senders, click on unknown links or download suspicious attachment from emails and websites.
-‐ Do not send any sensitive information via email.
-‐ Update computer software and operating systems as soon as new versions become available.
-‐ Never use a USB stick if you are unaware of its source.
What you can do as a small or medium business owner or executive:
-‐ Increase awareness by creating a cyber security culture. Emphasize the importance of every single staff member cyber security. Make security a priority by sending internal email reminders and using posters and visual cues to prompt people to remember the basics.
-‐ Ensure basic preventive measures are in place, such as antivirus, firewalls, two-step authentication and virtual private networks (VPN).
-‐ Create a set of policies regarding security. Include things like password requirements, mandatory software and operating system updates, information/file sharing and rules on using your own device to work (BYOD).
-‐ Store information in secure locations (electronic or otherwise) and limitstaff access to only the specific information that they require.
-‐ Limit the access that outside resources have to your information, such as social media accounts, website and bank accounts.
About the author:
Emily Woods is the Awareness Associate at RMSEC, an Australian cyber security company offering holistic security with a strong focus on security awareness, communications and training. With social media and article writing as two of her major roles, she is passionate about increasing the awareness of anyone and everyone she can reach. To know more about RMSEC awareness and other services, please visit www.rmsec.com.au or email email@example.com
1 Symantec’ 2014 Internet Security Threat Report.
2 Ponemon Institute’s 2014 Cost of Cyber Crime Study: Australia
3 2012 National Cyber Security Alliance
4 IBM’s 2014 Cyber Security Intelligence Index