Updated: Feb 27
What, exactly, is cyber security? Cyber security defines the ways people and organisations cut the risk of cyber attacks. It protects the devices we use, whether that's a smartphone, laptop, tablet or desktop computer, and it also protects the services we access online from theft and damage. But it also covers the things we do to stop unauthorised access to the information we store on our devices at work, in online accounts, and in the cloud.
This is how Wikipedia defines it:
'Computer security, cybersecurity or information technology security is the protection of computer systems from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. The field is becoming more important due to increased reliance on computer systems, the Internet and wireless network standards such as Bluetooth and Wi-Fi, and due to the growth of "smart" devices, including smartphones, televisions, and the various devices that constitute the "Internet of things". Owing to its complexity, both in terms of politics and technology, cybersecurity is also one of the major challenges in the contemporary world.'
Even if you think your business operates exclusively offline, something that's vanishingly rare these days, you'll probably tap into internet technologies at one stage or another along the sales funnel. And that means every business owner in the land needs to take cyber risks seriously.
Without good online security at home and work, everything from online banking and shopping to email, messaging and social media is at risk from criminals and mischief makers. And cyber criminals are becoming ever-more sophisticated.
As far as definitions go, cyber security focuses on protecting computer systems from unauthorised access, data theft and damage. Information security, a broader category, protects all information assets, printed or digital. And network security covers activities designed to protect the usability, reliability, integrity and safety of a network.
The impact of the law – GDPR
In the UK we're subject to the GDPR, the General Data Protection Regulations, and they'll still be legally binding after Brexit. There's no escape, and falling foul of the law means your business could face stiff fines as well as having to deal with the fallout from lost or stolen data, IT systems you can't use, damage to your brand's reputation and legal action from people and organisations whose data you didn't look after properly.
Does the size of the business matter?
If you're a small business, even a sole trader or freelancer, you're not safe. While cybersecurity risks vary significantly across company sizes, industries and the technologies they use, digital security is always important. A £100 million international company with an online presence in 10 different countries faces a very different cyber risk profile from a £10 million local business with hundreds of thousands of client records. The first maybe needs to focus harder on dealing with potential business interruption across continents, the second perhaps needs to take greater care over data breaches. Whatever the size of your business, a cyber breach could cost you more money, time and customers than you can afford, and even affect your future thanks to a damaged reputation.
How common are cyber attacks in the UK?
According to the BBC more than half of all British businesses reported a cyber attack between January and April 2019. At the same time most admit they are 'under-prepared for breaches', or so says research from the insurance intermediary Hiscox, which also discovered that 55% of British businesses suffered a cyber attack in 2019, up 15% on 2018.
Almost 75% of UK firms are classified by experts as cyber risk 'novices'. Too many feel they're not at any risk. But a sharp increase in cyber-attacks through 2019 so far, and many firms reporting at least one attack, proves them wrong. Worse still, average losses from breaches have increased by 61%.
All this sits against a UK landscape where 'the percentage of firms scoring top marks on cyber security had fallen, with UK organisations doing particularly badly.' We also have the lowest cyber security budgets and are the joint-least likely, along with North American businesses, to employ a person with a 'defined role for cyber security'. On the other hand GDPR has made a difference, with 80% of the British businesses quizzed by Hiscox claiming they've made improvements since GDPR came into play.
What's your biggest cyber security risk?
It doesn't matter what size, shape or flavour your business is. Your single biggest risk is your employees, and not because they're bad people. When employees are not trained in recognising and dealing with cyber risks, they don't have the skills or knowledge needed to keep your business safe. A single training session isn't going to be enough because the cyber risks we face are constantly changing.
Having said that, the most common cyber-threats remain much the same: phishing campaigns and ransomware, emails with dodgy attachments, data leakage, hacking and threats from disgruntled insiders. None of it is hard to deal with or impossible to fix. You also need to beware of Trojan horses, viruses, adware, rogue security software, spyware and worms, social engineering, DoS and DDoS attacks, rootkit attacks, SQL injections and SSL or Wi-Fi hijacking.
As you can imagine, getting a good first line of defence in place to handle common threats means your people will be better able to recognise any new, innovative threats that might arise. As your first line of defence, your employees deserve to be given the tools they need to protect the business and their futures.
Cyber security help for SMEs
The government's NCSC website contains lots of good advice for businesses, charities, clubs and schools with a maximum of 250 employees. Most businesses without a dedicated internal team fall into this category. There's vital insight into handling passwords safely and securely, how to keep the information you store in the cloud secure, patching, phishing, access control and AI, asset management and authentication, bulk data and configuration management, cryptology, incident management and a great deal more.
UK Government support with cyber security
There's also the government's Cyber Essentials scheme, developed by the National Cyber Security Centre and a great way to protect your organisation from most cyber threats. It's designed to help UK organisations 'significantly increase their protection' against today’s cyber threats.
There are two certifications allied to the scheme. Cyber Essentials basic is a self-assessment of your current security readiness, and Cyber Essentials Plus gives you more assurance thanks to an independent security expert who audits your security.
We'll be happy to help you with both, supporting a strong first step towards a cyber secure future.