We live and work in a digital age. UK consumers are the biggest internet shoppers in Europe and businesses are embracing digital technologies to become more productive. But our reliance on the internet is not without risk and we still need to work on our cyber security.
A government survey found that businesses have a 1 in 4 chance of being affected by an IT breach in a 12-month period. Many of these cyber security breaches were a consequence of using the internet, with the most common being viruses, spyware or malware (68%), or breaches involving impersonation of the organisation (32%).
While many businesses saw cyber security as important, a large number have not fully understood the risks to their business and what action to take.
Help for small businesses
Guidance aimed at small businesses is provided in an online publication, "Small businesses: What you need to know about cyber security", which outlines three important steps to tackling cyber security:
• getting the basics right
• adopting a risk management approach
• adopting Cyber Essentials.
Cyber security: the basics
There are a number of simple actions and changes in behaviour that will help improve security, such as:
• downloading software and app updates as soon as they appear on devices and computers
• using strong passwords
• deleting suspicious emails
• using anti-virus software and
• training staff. It is vital that your staff understand the importance of security. Further advice on training is provided in the online publication and the government also offers free online training courses.
The small business guide suggests a risk management approach to cyber security with four steps:
Understanding the risks – consider what is at stake if the business suffers a breach: money and IT equipment, information (from customer details to trade secrets), and even the reputation of the business. Think about who poses the risk – it could be malicious hackers or accidental security failures by employees.
Planning – ask questions such as: what information assets are critical to the business? What risks could they be exposed to? How would the business continue to operate if systems were attacked?
Implementing – put in place security controls to protect the equipment, information and IT systems, and explain responsibilities and best practice to staff.
Reviewing – implement routines to review and test the effectiveness of controls in the business.
To help businesses protect themselves from common internet-based threats, the government has developed Cyber Essentials. The scheme has two functions: to provide a clear statement of the basic controls all organisations should implement and to provide an Assurance Framework to demonstrate to customers, and others, that they have taken these essential precautions.
The government recommends that all businesses that operate online, sell goods and services online, or store customer details and personal data, should aim to adopt Cyber Essentials as a minimum.