One of the Founding Fathers of the United States of America, Benjamin Franklin, said, ‘In this world nothing can be said to be certain, except death and taxes.’ Today in London, we’d like to add a third item to that list of certainties – you must assume your small business will suffer a cybersecurity attack.
Hope has never been a good strategy for survival and success and it’s certainly not now. It’s not a matter of if your business will be victim of a hack but when. It’s just a matter of time.
You must assume your small business will suffer a cybersecurity attack – the statistics speak for themselves
High profile incidents, including data breaches at British Airways and Dixons Carphone, grab the headlines. But according to business insurance specialist, Hiscox, the number of small businesses, (with fewer than 50 employees) which suffered a cybersecurity incident rose from 33 to 47 per cent, last year – so you must assume your small business will suffer a cybersecurity attack, too.
In fact, 55% of businesses across London and the UK faced an attack in 2019, up from 40% the year before.
What’s more worrying? Almost three quarters of firms were ranked as ‘novices’ in terms of cyber readiness.
So, in this blog post you’ll discover how you can protect your company from cyberattacks using 5 ways that enable you to create a cyber resilience strategy, to ensure you’re ready to withstand a hacking attack when it happens. Here’s what we’ve included:
- The problem is the cost of all this connectivity
- The solution is to be cybersecure and cyber resilient
- Make your business cyber resilient in 5 steps
- Start now in creating your cyber resilience strategy
The problem is the cost of all this connectivity
The Internet has been a revolution and a revelation. But the price we have to pay for our always-on, interconnected, data-driven, digitally-transformed, Internet of Things world is eternal vigilance. You have to understand how to protect your business from cyber attack.
Put simply, there’s more data in more places, available through more apps, being accessed by more people than ever. Plus we’ve a growing group of cybercriminals having more ways to sell whatever information they can steal. That is, of course, unless they hope to blackmail your London-based business with ransomware instead.
Note that a cyber attack isn’t just inconvenient and reputation and customer relations-damaging. It’s also expensive. The average cost of such attacks per business has risen from £176,000 in 2018 to £283,000 in 2019, an increase of 61%.
And since the introduction of the EU’s General Data Protection Regulation (GDPR), which protects any personally identifiable information your business holds, you can be fined up to €20 million or up to 4% of the annual turnover for any breach of privacy.
The solution is to be cybersecure and cyber resilient
When you’re wondering how to protect your company from cyber attacks, the answer is not just to be cybersecure but cyber resilient, too.
Cybersecurity focuses on reducing the risk of an attack from happening. Cyber resilience puts the emphasis on keeping your business operational during and after such an attack. Effective business recovery and continuity is a crucial part of protecting your company against hackers.
It may seem overly pessimistic but industry experts assume that eventually at least one hacking attempt will get through to every business. That’s because the threats evolve and become more numerous and more sophisticated as our use of technology does the same. Cybersecurity, therefore, is a game of cat and mouse you must work at to win.
Make your business cyber resilient in 5 steps
You can build cyber resilience through developing a cyber resilience strategy. This will help your business to remain as functional as possible during a hack or other attack, and quick to recover afterwards. Here goes:
1. Involve everyone in the company
Even if you can afford an IT professional or department in the business, it’s not their job alone to ensure the online safety and security of your enterprise.
Every member of your team should know how to protect your business from cyber attacks, and that means being thoroughly trained in the importance of both cybersecurity and cyber resilience. They should understand why both matter to your enteprise and their jobs.
Your cybersecurity attack training should focus on arming your people with the knowledge to spot and stop the different ways hackers can get access to valuable company information (such as email phishing) and who to raise any suspicions with – no matter how big or small those concerns are.
Meanwhile, your resilience training will involve everyone knowing how the business will continue to operate, should it come under attack.
2. Protect your most important systems
Being cyber resilient is all about preparation. To be effective here’s four useful techniques to protect your critical systems from being impact by a cyber incident:
Minimise the connections between your critical and non-critical systems. This reduces the chances of a virus or a hack on a non-critical system spreading to a critical one.
- Access control
Restrict critical systems access solely to those who need them to do their jobs.
Where possible, have back-up critical systems with separate protections in place to bring online quickly, in the event of an attack.
Segment your network according to the importance and trustworthiness of the various elements; this will help prevent any breach from affecting your entire system.
3. Develop an effective incident response plan
According to the UK’s government’s National Cyber Security Centre (NCSC), the characteristics of a cyber resilient system can be broken down into four phases, which are:
- Prepare (through preventative security)
- Absorb (to reduce the risk of an incident escalating)
- Recover (develop and execute an incident response plan)
- Adapt (not only after an attack but also to the ever-changing threat landscape).
As business leader, take a long hard look at the internal structures, operations and processes of your organisation and work out where there could be any weaknesses. From there, derive a thorough plan for each of the four phases outlined above. That’s likely to involve input from a your people and their teams, which makes sense because they’re likely to be the experts in what they do.
4. Run Simulations
Simulating a company-wide security incident is a bit like testing your fire alarms except it’s not needed as often. For resilience testing of your cybersecurity, once or twice a year is probably enough but much will depend on your business, what you do and how you do it.
Essentially you should run through the steps your business will take in the event of a breach or attack to see how well your plans work.
‘Exercise in a Box’ is a ready-made online tool from the NCSC which can help you to test your cybersecurity processes and practice your response to an attack. It’s free and you don’t have to be an expert to use of it. This will allow you to spot and correct any weaknesses in your preparations, so when a real life event occurs you’re ready.
5. Review, refine, refresh and adapt
Just like your business and the information you hold, the cybersecurity threats never stand still; they constantly evolve and your defences must do the same.
So it’s vital your cybersecurity and cyber resilience governance strategies are reviewed on a regular basis, refined to update what’s no longer working and refreshed in line with the changes in your operations and the risks. You must especially ensure you continue to meet all the necessary legal and regulatory requirements, which will likely require board-level commitment and internal auditing.
As we mentioned earlier, people can be your greatest weakness but you can turn them into your strongest first line of defence. That’s IF you provide them with the right training and keep them up to speed with the latest developments in both your processes and the evolving threat landscape.
Start now in creating your cyber resilience strategy
The five tips we’ve outlined e abovcan help get your cyber resilience in the right shape and guide you in how to protect your company from cyber attacks.
If you’d like any further help with this vitally important topic, please feel free to talk to the expert, experienced and award-winning team here at Totality Services. With Five Star customer service ratings from TrustPilot, Feefo and Google we’ve become the most trusted go to IT support team for London. Simply call us for a confidential, no obligation chat about your requirements.