From Brute Force to Breaches: Why All Businesses Need to Protect Themselves from Cyber Threats
Cyber security is an increasingly important aspect of running a business of any size in the digital age.
While it’s true that large corporations may have more resources to invest in cyber security, sole traders, micro and small businesses should not ignore the importance of protecting themselves and their company against cyber threats.
Verizon’s 2022 Data Breach Investigations Report says 43% of data breaches involve small businesses, and that very small businesses are extremely vulnerable to malware, ransomware, brute-force attacks, and social attacks and may not survive one incident. This is because hackers often view small businesses as easy targets, assuming that they have weaker security defences.
However, research by digital.com reports that 51% of small businesses don’t have cybersecurity measures in place, mainly because they think they are too small to target, and 36% of small business owners are ‘not at all concerned’ about cyberattacks.
As a sole trader or SME, you may think that you don’t have anything of interest to a hacker and that an attack or breach won’t affect you and your business. In fact, this naivety can cost you your business. Put simply, attackers will scam just about anybody, including sole traders, so it is imperative that you take steps to protect yourself and your business:
- Businesses of all sizes process and store sensitive data: all businesses have customers, suppliers, financial records etc., and with this comes sensitive information such as customer data, payment information etc. Basic cybersecurity measures, such as anti-virus software, firewalls, strong passwords, updated software, and multi-factor authentication, can help prevent unauthorised access to this data.
- All businesses must comply with regulations: if you process or store customer data then you must comply with GDPR. The industry you operate in may also have specific regulations, such as PCI DSS for card processing. Failing to comply with these regulations can result in fines and legal action. If you are a member of a professional or trade association, there may be terms and clauses in their membership criteria that you need to comply with; failure to do so can cost you your reputation.
- Financial loss can impact you no matter the size of your business: a cyber attack or security breach can be expensive for any business, both in terms of immediate costs (such as data recovery) and long-term effects (such as damage to reputation and loss of business). Investing in even the most basic cyber security protection can help prevent financial damage.
- Maintaining business continuity is vital for all businesses: a successful cyber attack can disrupt a business’s operations, leading to downtime, lost productivity, and lost revenue, and this impact is felt even more in micro businesses where the boss typically performs many roles. By implementing cyber security measures, businesses can minimise the impact of a cyber attack and ensure that they can continue operating even in the face of a security breach.
- The security of suppliers is a concern too: along with larger businesses, many micro and small businesses rely on third-party software and applications to run their business, such as web hosting and accounting software. These suppliers have a duty of care and must ensure that the data and processes they are managing are safe and secure. Let’s take a look at GoDaddy, the domain registrar and web hosting platform, which has 21 million customers worldwide, many of whom are sole traders and small businesses. Just last week it was reported that an unknown threat actor was sitting in GoDaddy’s systems for several years, installing malware, stealing source code, and attacking the company’s customers. This was only spotted in late 2022 when customers started reporting that traffic coming to their websites was being redirected elsewhere. It is thought that attacks on GoDaddy were part of a wider campaign on web hosting companies around the world. So what and who can you trust when selecting software and suppliers? Do some research: how many breaches have they had, how long has it taken them to realise they’ve been breached, how open and honest have they been about it, and how have they put it right? Because one thing is for certain: it’s a case of ‘not if but when’ a breach will happen, so how quickly an organisation identifies and resolves a breach is an important consideration.
Small business owners must understand the risks they face and take steps to mitigate them. Cyber security is crucial for any business that wants to protect itself, its customers, and its bottom line. Investing in basic security measures, such as anti-virus software, firewalls, MFA, strong passwords and staff awareness, can go a long way in protecting the business from cyber threats and even business failure.
We recommend that businesses take a look at Cyber Essentials, a simple but effective government-backed certification scheme, managed by the NCSC (National Cyber Security Centre), designed to help businesses of all sizes protect themselves from the most common cyber threats. The scheme focuses on 5 different areas of cyber security which, when correctly deployed, will protect your organisation from the most common cyber security threats.
We recognise that small businesses typically do not have sufficient resources and time to select and manage multiple vendors of security products. That’s why we recommend that they find a security solutions provider that can provide a package of cyber protection in a single fabric.
Infosec Partners can help you through each step of the process, so get in touch if you would like further support.