Skip To The Main Content

It’s never been more important for small business to act on cyber security


Peter Wilson - Deputy Director for The Office for Security and Counter Terrorism and Head of Unit for RICU (Research Information and Communications Unit) in the Home Office

Cyber crime has featured heavily in the news recently, dramatically highlighting the threat it poses to all of us.

And what has been highlighted is the importance of simple behaviours, such as always installing the latest software updates, to staying secure online. Small holes in your online security, such as outdated software, can lead to much wider repercussions across a supply chain. 

There is a worrying skills gap when it comes to cyber security, with only a fifth of technology chiefs saying they felt well equipped to deal with cyber crime according to a report by BT and KPMG.

If firms with technology chiefs feel daunted and ill-equipped to deal with cyber crime, the scale of the challenge is put in even sharper relevance for smaller firms where that infrastructure so often doesn’t exist. Furthermore, some small businesses are worryingly dismissive of the chances of it happening to them, with a recent survey from Juniper research revealing 27% of UK SMEs believe they are secure because they are ‘too small’ to be of interest to cyber criminals.  

Of those who do recognise the threat, many are still complacent – thinking they’ll deal with it if and when it happens. This is counter intuitive. Picture your business falling victim to a cyber attack. Imagine having to phone your customers and tell them you had lost their personal data, with hours lost trying to get your computers and phones back online, and finally the damage to your businesses’ reputation. With research from Symantec showing that 43% of cyber attacks target small businesses no one can afford to ignore their online security.

Being on the front foot 

Small businesses must be on the front foot to tackle cyber crime but so often it can seem hard to know where to start. 95 per cent of business leaders consider cyber security to be important to their business, and yet only 55 per cent have a formal cyber security strategy, found a recent report by Barclays and The Institute of Directors.

So businesses are being urged to recognise cyber security as business critical and take steps to protect themselves – and consumers expect this too, with 58% saying they would be deterred from using a business hit by a cyber attack, according to research by KPMG and Cyber Aware.

The good news is there are a few, relatively simple and quick steps that will afford significant protection.

• Install the latest software and app updates - They contain vital security upgrades which help protect your devices from viruses and hackers.
• Use a strong, separate password for your email account - Hackers can use your email to take control of many of your personal and business accounts. Use three random words or numbers to create a strong password
• Secure your tablet or smartphone with a screen lock - this provides an extra layer of security to your device
• Always back-up your most important data 
• Seek accreditation through the Government-endorsed ‘Cyber Essentials’ scheme – this is a Government-backed and industry-supported ‘standard’, which protects your business against the most common online threats.

A failure to take cyber security seriously is not unique to business. Recent Cyber Aware research found Britons are not taking their online security as seriously as their offline security.

For example, 82% of households have double locks or deadlocks on their doors and 89% have window locks, but when it comes to online security, only 52% regularly download the latest software or app updates as soon as they are available.

This only serves to emphasise the twofold risk for small businesses, where people’s personal devices often play a key role in their working life.  

As a result of the risk posed through personal devices, new enhanced approaches to cyber security, such as two step authentication are moving further up the agenda across industry. Two step authentication asks you to complete a second step after entering your password, such as providing your fingerprint or entering a unique code which has been sent to your phone, giving your most important accounts an extra layer of security.  

Engaging with these measures – and following the latest advice is critical. Not only do you have to be robust in your business processes but in how your small team manage their own cyber security.  It’s an investment worth making - for minimal time and effort now, you could save your business’ reputation – and bottom line later.