A very good question, and one I’ve pondered on quite a bit. Nobody has to take my word for it that there is a very real threat to SMEs. There are some very credible, as well as some perhaps not quite so credible, sources which can easily be found on the web. One such that I was reading recently estimates that cyber-attacks have increased fivefold during the last 12 months and it’s still rising. Why would that be? One of the issues was moving from office to remote working during the pandemic, and using cloud-based systems and technologies without adequate preparation i.e., done in a bit of panic. OK, that’s understandable, everyone had to keep their business running. But now that office working is once again possible, many companies have found that they quite like the reduced costs in home or remote working and have embraced a sort of hybrid system, where staff work from home some of the time. This has enabled companies to reduce costs whilst still having a decent governance over staff. The problem comes when these companies haven’t fixed the problems they created by moving to remote working without taking the proper precautions.
Last year, statistics revealed around 60-70% of UK SMEs suffered a cyber-attack, and amongst those, only 11% had cyber cover. While we are beginning to slowly see a rise in the number of businesses seeking insurance cover after becoming more aware of the risks of cyber-attacks since the pandemic, we still have a long way to go. Now, cyber insurance is another very thorny issue which really deserves a blog of its own. However, briefly let’s say that there are many clauses in most, if not all, policies that will require named precautions to have been taken, before any pay out can be considered, and those pay outs are not common, shall we say.
In some ways, smaller businesses are more vulnerable to cybercrime, because unlike bigger firms, they are less likely to have teams of IT specialists in place to prevent or respond to a data breach, or the resources to invest heavily in cyber security. According to another source, over one million UK businesses were hit by cyber-attacks in 2018, with an average cost of £6,400, putting many small businesses at risk of closing should the same happen to them.
So, let’s return to the subject of Cyber Awareness. This is a favourite hobby horse of ours, particularly as it affects non-technical staff where it is vitally important for both managers and employees to make them aware of what they could be facing. If you don’t know what threats exist, them how can you look out for the signs, and how can you effectively target your security spend. Likewise, staff have to know what to look out for, how attacks are formulated and how they are carried out. A good motivator for staff is that, to put it bluntly, their jobs are on the line if the business is hit badly and loses money. Most SMEs are running businesses where cash flow is king and they simply can’t afford the kind of hits that are being experienced almost daily now.
It cannot be stressed enough that whilst your staff are your greatest asset, they can also be the biggest threat in regard to cyber security. The majority of data leaks are caused not be personnel doing anything deliberately wrong, but by doing things they didn’t know they shouldn’t.
Here at H2 we have recognised that this is a very real problem. We also understand that many businesses simply can’t afford to have staff away from their desks to attend formal training, and that such training can be costly. So, we have developed an e-learning course, which is modular, and can be taken by staff all at once, or in chunks to suite the staff and company. It is perfect as part of an induction or as a refresher. At £35 + VAT per person, with reductions for block bookings, it is extremely cost effective and the payoff could be considerable. It only takes one member of staff to recognise and block a scam or attack, and the company has made its money back.