How SMEs can keep themselves safe from cyber-attacks
Rebecca Chapman is Director of the North East Business Resilience Centre (NEBRC), a not-for-profit organisation which exists to help protect businesses across the region from cyber crime.
She has a keen interest in the world of cyber and the related issues facing businesses today, in this new and emerging domain - and shares some of the ways small businesses can defend themselves.
I'm often asked why businesses should invest precious resource in cybersecurity, not least during this extremely socially and economically challenging time.
The COVID-19 pandemic period has seen a 400% increase in cyber fraud, with statistics reflecting that small businesses - and particularly the self-employed, sole traders and micro businesses - have found themselves at greatest risk and without access to relevant cyber support and services.
In answer to those questions, put simply, the way we work is changing, and this needs to be addressed with regard to our cyber responsibilities.
These recent times have seen employees sent home to work, often on their own devices, and without proper guidance on use of the internet, or the security needed to make it safe - opening us up to new cyber vulnerabilities. A prime example is the increase in mandate fraud during lockdown - as spoof invoices are paid unknowingly to criminals. And such crime is only set to rise.
With the pandemic generating a shift to online commerce and digital interaction, we all have to take ownership to ensure that we are safe in our online operations, for our own peace of mind as well as to secure our business reputation and customer service culpability.
Cyber, as they say, means business. And cyber security is a key and necessary part of the new world’s recovery plans to produce resilient and thriving businesses.
Companies need to respond and adapt to this new world and the changing behaviour and expectations of customers. This is the time to implement robust cyber credentials and to communicate that to stakeholders. Indeed, research indicates that current digital communications strategies are being brought forward, on average, by more than five years.
Research into the understanding of SME cyber security adoption and training preferences was recently conducted by our Head of Student Services. As expected, SMEs are discounting their risks to certain types of cyber-attack, even though they appreciate that such attacks can have large business impacts.
Simply put, they do not think it will happen to them. One business owner recently said, “what would they want to hack me for?” The sad truth is that criminals no longer just target large corporations seen as rich pickings; they sweep wide and attack wherever there is a weakness.
The top-ranked barriers to cybersecurity adoption for SMEs are knowledge, cost, and the ever-changing nature of cyber crime. Small businesses don't know where to start, and there is a false preconception that they can't afford the protection needed.
Indeed, quite the converse is true, and can be found in the NCSC small business guide and its 10 steps to cyber security, all of which are relatively easy to implement.
The strongest cue to action for SMEs is if their business were attacked, followed by receiving government and professional advice. In other words, they won’t do anything unless they’re told they have to, or are attacked - by which time it’s too late. The research also shows that SMEs prefer face-to-face advice.
Research is already underway with IT and cybersecurity providers and SMEs, to further inform change drivers, in order to provide more detailed context into SME cybersecurity adoption. This element of research is expected to be completed by Christmas 2020 and published in early 2021.
The NEBRC was set up to support SMEs in the region, and presents a unique nexus of corporate business, law enforcement and academia. We promote assurance rather than fear, providing - COVID-19 dependent - face-to-face or webinar-based training and access to the latest government guidance.
And we're currently working to deliver a dedicated outreach education programme, on behalf of Leeds City Region Enterprise Partnership (LEP), to improve cyber resilience through assessment, testing, certification, education, and guidance for businesses within the region.