Cybercrime is becoming a day-to-day reality for all businesses, but small businesses can be especially vulnerable for a number of reasons. Small businesses usually have a long list of competing priorities, and security rarely makes it to the top of that list.
The fallout from a cyber-attack can be financial loss, reputational damage, or loss of intellectual property. To any business these can be damaging, embarrassing and costly, but to a small business they can be fatal. Financial losses tend to have a more significant impact on smaller businesses. Reputational loss can be even harder to recover from, as it takes time to regain customer confidence; if you are left with a toxic brand, the business may never recover. Many startups are based on a unique idea or product. If that product or concept is stolen or copied, the projected market may become smaller, less profitable or even uncompetitive.
One of the biggest myths in information security is that it has to be complex, expensive and restrictive. When done properly, it should not be. If good information security practices are embedded in a business from the start, they simply become part of the culture, evolve with it and protect the information assets from day one. If your business beats the odds and survives its infancy without a major incident, trying to retrofit the same principles at a later date can be more expensive and more complex, can distract from other core activities and in some cases can simply fail.
As a first step towards understanding your business's vulnerabilities, you should complete a formal cyber security assessment that includes a penetration test (which assesses the security of IT systems and networks). This assessment will provide the cyber roadmap to address any areas of weakness and allow your business to proactively manage its cyber security.
There are some simple steps that safeguard your business against common cyber-attacks and threats and are easy and cost-effective to implement:
- back up your critical data regularly;
- apply antivirus, security updates, and patches to operating systems, software, mobile devices and applications;
- use multi-factor authentication and strong passwords;
- limit administrative accounts, supported by the appropriate access controls;
- use encryption products for laptops and PCs;
- have cyber security and privacy policies and a cyber incident response plan;
- always educate staff, suppliers and clients to build a cyber-aware culture.
The best way to protect your information assets is to implement an Information Security Management System (ISMS), which also enables certification to the Information Security Standard ISO 27001. Implementing an ISMS is neither complex nor costly. It protects your business against attack and involves identifying risks and managing them by implementing simple common-sense practices to mitigate those risks.
If all that seems a little daunting, do not be afraid to get some advice. At CQR we pride ourselves on building long-term relationships by providing the right advice at the right time to help your business protect its information assets and enable your business to grow in a safer world.
A CQR insight by Giles Rothwell
Giles Rothwell is a security specialist at CQR with over 20 years’ experience in Information Technology, specialising in penetration testing, forensic analysis and proactive defense. He advises businesses on all aspects of information security to avoid many of the common pitfalls that can result in reputational or financial damage, or loss of intellectual property.