Security of information and data in small businesses is a growing concern. Although cyber attacks remain more common in larger organisations, research by the UK government shows that 87 per cent of small businesses have had to deal with a security breach at some point in the past year, compared to 76 per cent the year before.
Cyber criminals have figured out that small businesses and entrepreneurs tend to take information security less seriously, and with the typical budgetary constraints of a small enterprise, often do not prioritise the need for information security. This makes any start-up company, sole trader or small business a prime target for hackers and attacks, and means any entrepreneur needs to be aware of the critical information relating to security of their business.
What do Entrepreneurs really need to know about Information Security?
To understand the risks that a small business or entrepreneur may face in the online environment, it is important to understand what is at risk. The main areas of risk include:
- Your money – the theft of cash from your bank account, credit card fraud and other financial losses
- Your IT based systems and services – viruses, malware and malicious hacks can render computers, servers and software useless
- Your information – your customer details, information about employees, product information, information about deals and marketing and much more.
No matter what size of your business, an attack that compromises any of these areas could be crippling for your reputation, your ability to function and your future.
Who poses a threat to small businesses?
Most people consider criminals to be the biggest threat to businesses, and while professional criminals are known to attack all sizes of businesses, there are some other threats to consider. People who work with you, for you or who you do business with have the ability to compromise your systems, either maliciously or by accident. Business competitors may have the motivation to attack your systems in order to gain an advantage over you.
What threats should you be aware of?
These main threats are the ones which all small businesses and entrepreneurs should be aware of:
- Unauthorised access to or theft of computers, tablets, laptops and smartphones
- Attacks on your website or network from a remote location
- Attacks on a third party system where your information is held, such as your bank or your hosted services
- Accessing information via staff or colleagues who work for you.
What are the impacts of an attack?
An attack can take various forms and have a variety of impacts on a business, ranging from a mild inconvenience to a disaster. You could be vulnerable to financial losses, either directly through fraudulent activity or indirectly through loss of information, intellectual property or the inability to conduct business.
You could also be financially damaged as a result of the costs associated with getting your systems up and running again, and could be liable to a fine if personal data is compromised. Your reputation could also take a hit, leading to loss of business in the future, and should information about your suppliers or clients be compromised, they could end up suffering in the same way, too.
What should you be doing about it?
There are simple measures to implement in order to improve your system security, including using strong passwords, firewalls, keeping software up to date and encrypting data. However, the first step to take is to have a professional company such as the NCC Group undertake an audit of your systems and information. This will identify where your biggest risks lie and give you helpful direction as to what steps need to be taken to protect your business.
Do you have any other valuable info on information security that entrepreneurs could benefit from? Please endeavour to share them with us using the form below.