With a 15.2% increase in business growth in the South East region over the last two years, opportunities for cybercriminals to attack have also increased. The average cost of a cyber-attack for micro and small businesses that lost data or assets after breaches was £8,170, this increased to £13,400 for medium to large businesses.
These figures are alarming and rightly so, business owners work extremely hard to run successful companies. The Cyber Resilience Centre for the South East works closely to support and guide businesses across the South East region through the complicated and often treacherous waters of the world of cybercrime.
We exist to help you reduce your business’s cyber related risk and to increase your cyber resilience. We do this by developing your knowledge in key areas so that you can implement basic methods of cyber hygiene. If you left your windows and doors open at night, your risk of burglary is significantly increased. The impact of leaving your website unprotected or not doing regular software updates has the same level of risk, as they are your digital entry points as opposed to physical.
To help you to guard your business from cyber-attacks in the way you would protect your premises against fire and flood, we offer a free membership package. This is not a membership package that puts heavy demand on you, instead it allows you to have the opportunity to have a jargon free 1:1 conversation to help you understand your current business cyber related risks and gives you access to regular simple, easy to follow guidance, tools, and resources.
One area we can work with you on is to improve your policies around data protection and privacy. With a recent report disclosing that of the businesses who took part in the report, only 5% of companies’ folders were properly protected from cyber criminals and that 17% of all sensitive files are accessible to all employees. Acting on these vulnerabilities could significantly reduce the impact of a cyber-attack where hackers gain access to confidential and sensitive information.
With this in mind, when was the last time you checked how your business's data is being used?
Here are 4 steps you can take to keep your businesses data safe:
Step 1: Learn the addresses of your data Often, businesses store data on multiple media types including local storage, disk based back up systems, cloud solutions, and more. A simple place to start is to understand exactly what lives on each form of technology and in what format it requires its own type of protection.
Step 2: Implement a need-to-know policy To reduce the risk imposed by human error or curiosity, businesses should create policies that limit access to data, meaning only those that require access have access. As a business, you should consider means to track access log entries, so that unpermitted access will not go undetected.
Step 3: Toughen your network security Networks are normally protected by a firewall and antivirus software, but these will not be effective if they are not up-to-date and working within the latest software versions.
Malware is a cyber security threat that mutates daily and as a business, it’s key that your antivirus software is up to date in order to keep up with these mutations.
Bring your own devices has been a rising trend for businesses in recent years, however, the COVID-19 pandemic meant that this wasn’t a trend or choice for many businesses when they were forced to close their business premises. This meant that there were many businesses who had employees using their own devices in order for a business to continue.
As a result, it’s a philosophy that is here for the long run and your business's security policy and processes should include the use of personal devices for business purposes.
Step 4: Don’t hang on to data baggage To proficiently manage data as a business, creating a data lifecycle management plan will help you delete old and obsolete data. Things to consider when doing this are:
Identify the data you must protect and identify how long this must be kept for
Ensure you are looking at offline and offsite tape back up’s when tidying out your businesses data
Ensure you have an incident response plan in the event a successful cyber-attack takes place
Consider non-digital data such as paper files and hardware files as these can hold out of date data
Securely dispose of hardware that could contain out of date data, this could be photocopiers, scanners, or even outdated voicemail systems.
Ready to learn more? Businesses in the South East can sign up for a free Core Membership online and receive a welcome pack full of practical resources and tools that will help you identify your risks and vulnerabilities and the steps you can take to increase your levels of protection. Through your membership, you will also get regular updates on new threats, designed to help you stay safer.