At Taskers Insurance Brokers, we handle data on a daily basis, and as a result take cyber security very seriously. But if you think that your business is too small to justify cyber-criminals taking an interest in hacking into it, you may want to think again.
In fact, cybersecurity breaches cost UK businesses approximately £30 billion in 2016.
You may well have seen articles in the media relating to “hacking”. That is a general term used to describe an unauthorised person gaining access to a company’s Information Technology (IT) systems.
You may also have noticed that many of these cases involve prestigious organisations, some of whom are household names. That might lead you into thinking that it’s only the big companies and institutions that are targets for this sort of criminal activity.
However, if you are running a small or medium sized business, don’t be lulled into a false sense of security. That’s because cyber-attacks are widespread in our society. Across the globe, they cause billions in losses to businesses of all sizes.
- 52% of UK small businesses experienced cybersecurity breaches;
- 60% of small firms don’t know the source of the most disruptive cybersecurity breach or attack in the last twelve months;
- small firms only invested £2,600 in cybersecurity in 2017;
- on average, it takes 120 days for a business to discover a data breach.
What businesses are affected?
Cybercriminals are indiscriminate – whether you are a global enterprise with office worldwide or a sole trader using a single PC to help manage your business, you are at risk. Even businesses such as guest houses, pubs, hotels, restaurants and car garages are at risk – despite you perhaps thinking you are not a target.
That’s because, sadly, successful cyber-attacks on small to medium sized businesses or individuals are not newsworthy. They will typically never be reported, and a substantial percentage of them may never even get incorporated into crime statistics compilations.
Why you are at risk
If you use any sort of information technology, particularly if it’s connected to the internet, you are at risk. That might include just using your phone in a free Wi-Fi zone. You may only have an email address, but a hacker can still hack your business.
Many businesses in a public area can be vulnerable to Wi-Fi hacking. Pubs, for example, can be vulnerable to Wi-Fi hacking. Anyone can go into a pub and name their Wi-Fi the same as the pubs, then gather peoples’ information. If you offer free Wi-Fi, make sure that you have it signposted well enough to ensure people are connecting to the right router.
It’s worth noting that, at the outset, the cyber criminals may have no idea what the weak access point is in business terms. They may not know whether it is a multi-million-pound organisation or a single PC running someone’s home business accounting. All they know is that they can get into the system and from that point onwards they will start doing whatever it is they wish to do.
So, it’s worth being clear. You are potentially just as much at risk as a far larger organisation.
Some of these criminals may prefer smaller businesses because they may be less likely to have sophisticated software security systems in place to protect them against such intrusions.
Does it matter?
Under the new GDPR regulations that came in to force in May 2018, anyone involved in collecting data must adhere to strict rules regarding data management.
So even if you think your business is so small that if someone accessed your systems illegally, they wouldn’t find much of interest, you still need to make sure you comply with GDPR regulations.
What to do about it
You should, of course, take advice on what appropriate software security systems to use. Secondly, it is imperative that you consider appropriate insurance.
The obvious reason for that is to try and ensure that you have a degree of financial support if the worst happens and you incur costs as a result.
All businesses should have the most appropriate cyber insurance cover and support in place – it’s something to take seriously, and all companies are exposed. You may not think your business is vulnerable, but if you handle any data or use technology with passwords, you’re at stake.
We would welcome your contact to advise further on how we might be able to assist.