We have heard a lot of bad news recently in relation to cybercrime with the much publicised WannaCry ransom-ware attacks that hit over 100 countries last week. Here our NHS establishments were hit pretty hard with 37 hospitals and 16 NHS trusts falling victim. The woeful inadequacy of the security in place to combat this infiltration shows how easily it can happen. Overworked staff, budget cuts in NHS security, the continued use of legacy systems and the failure to apply a crucial patch despite several warnings all contributed to this disaster. If it can happen to an organisation that on average spends £23k per trust what chance do small and medium-sized enterprises (SME) have who are simply not going to have this amount of budget for something as niche as IT security? Small and medium-sized enterprise needs protection against ransom-ware.
SME’s have to be aware though as in 2015 over half of all cyber-attacks in the UK were aimed at SME’s. 31% who have been targeted said it damaged their brand, 25% of attacks led to customer delays and a staggering 93% said it crippled the businesses ability to function. SME’s are an attractive target as 50% of businesses state they have no recovery plan in place and are therefore not prepared for an attack.
So what can SME’s do?
Train your employees
95% of cyber-attacks feature human error somewhere along the way, from accidentally leaving a password lying around to opening an email with malicious content there are a lots of ways people can cause or contribute towards an attack. SME’s need to develop training programs that encourage vigilance. Employees need to be trained on things like password management and safely using the web and email.
Develop good policies
Getting good policies in place can be a huge step towards combating attacks. Good policies to think about include a Personal, physical & environmental security policy, an IT Security policy and an Information Security policy. You also need to give your employees the opportunity to understand these and learn them. You should therefore combine this measure with training.
Password protect your Wi-Fi
Unbelievably only 41% of SME’s have a secure Wi-Fi router. You should look into this and if your Wi-Fi isn’t password protected, get this set up.
There are plenty of excellent anti-virus software that will simply halt a massive amount of potential cyber-attacks. There are lots of very good free programs too if you have no budget for this kind of thing but if you can afford it, business specific software can be licensed to devices and controlled centrally so whenever updates are released (which is quite often) every device can be secured quickly and easily.