Cybersecurity for SMEs: A practical guide to protecting your business by Nasstar
Think cyber threats only affect large enterprises? Think again. The FSB found last year that smaller UK firms are actually bearing the brunt of online threats – at a combined cost of nearly £5.3 billion. In fact, SMBs are attacked a staggering seven million times each year, despite the vast majority (93%) taking some steps to protect themselves.
It’s clear that the volume and sophistication of threats have outstripped the ability of UK SMBs to effectively respond. And that has a very real cost. The impact of a major data breach or system outage could, in a worst-case scenario, lead to:
- Investigation, remediation and clean-up costs
- Legal fees
- Regulatory fines – especially the forthcoming European GDPR, which from May 2018 will levy maximum fines of up to €20m for serious infractions
- Lost customers
- Brand damage
- Share price slump
- Loss of IP as competitive differentiator
- Increased helpdesk/IT workload
- Service outages
- Staff productivity hit.
PwC estimates the cost to a small business of between £75,000 and £311,000 per data breach, but it could go far higher in some cases. Financially motivated cybercriminals have calculated that SMBs sit at the sweet spot between consumers and large enterprises: in other words, they’re a treasure trove of lucrative customer data and sensitive IP, but typically have fewer resources to mitigate the risk of attack. As such, SMBs can also be an attractive target for hackers looking to attack larger organisations which they may be partnered with.
In the United States, the breach of major retailer Target, which affected up to 70 million people, occurred via a third party contractor with poor security.
The challenge for senior managers is where to begin. You’re not only faced with a determined and agile online foe but also the threat of compromise stemming from deliberate or accidental employee actions. Often budgets are tight. And there’s the ever-present risk of dialling up security too far, to the point where it starts to impede staff productivity.
The good news is that help is at hand. We’ve put together this quick and easy guide to highlight the key threats facing your organisation. And most importantly, what you can do to protect mission critical data, mitigate risk and keep the business running smoothly. GCHQ reckons up to 80% of cyber attacks seen today can be prevented with basic risk management. Let’s see how.