Events Insurance Financial Director, Paul Telling, highlights some of the common mistakes that SMEs make when it comes to cyber security. With significant penalties for companies who don't do enough to protect themselves, here are some simple and inexpensive things you can do to change your approach to cyber security.
The Financial Conduct Authority (FCA) recently reported that since 2014, there has been a massive 1700% increase in the number of cyber attacks. Not only this, but the scale and sophistication of the attacks are growing and pose an ever-increasing threat to financial service firms. Unfortunately, SMEs are the demographic most at risk of an attack and do not always have significant procedures in place to protect the sensitive information that they hold.
Here are 6 common mistakes made by SMEs, and Paul's advice on what can be done to avoid them.
The common misperception is that having anti-virus software will prevent a cyber-attack. Whilst it offers protection against a virus-type attack, you should also ensure you have the following:
- A good email filter to filter out suspicious emails
- A website filter to prevent access to sites which are “dishonest”, or which may have been breached or corrupted
- A behaviour-based anti-virus, which considers suspicious behaviour rather than just relying on updates and patches
Always make sure your anti-virus software and protection is up to date.
Scarily, 60% of all cybercrime is caused by human, user or staff error rather than technological failure. Staff should be able to:
- Recognise phishing and spoofing emails
- Know what to do if they are suspicious of an email
- Understand what is at risk
- Understand the implications
It’s a good idea to test your staff and procedures by sending them suspect emails and seeing what happens!
Of course, having a backup is essential. But don’t forget to consider how long it takes to restore your system from a backup – 3 hours? 3 days? 3 weeks?!
Make sure you test that your backup actually works, and check how frequently the backup is scheduled and how easy it is to “recover” large amounts of data.
As a Finance Director, I am the first to question any kind of expenditure and make sure it’s absolutely necessary. But the cost of any business interruption, downtime, impact on brand credibility, loss of future earnings etc. as a result of a cyber-attack will always outweigh any initial investment in business protection.
Security Slows Down The Business
There is a misapprehension that planning, setting up and testing security systems is time-consuming and draws resources away from other, “more important” areas of the business. As above, the time spent implementing system security will always be significantly less than the time spent in recovery.
“I’m fine. My IT company deals with this”
Don’t get confused between IT “support” and IT “security”. Support is what you will be offered after an attack; security is prevention, but is too often overlooked within service contracts. Make sure you go back over any existing SLAs and contracts with tech service providers, and review these regularly.
If you would like to find out more, visit the FCA's website, where a broad range of information and guidance is available to help your business become more resilient to cyber attacks.