UK SMEs: The importance of cyber security
As part of Cyber Security Month Michelle Kradolfer, Cyber Development Officer at the Police Digital Security Centre looks at the cyber security landscape, how SME’s can test their cyber security resilience and the simple steps that SME’s can take to improve it.
Since the start of the global Covid-19 pandemic, cybercrime has increased by 600%. 46% of all UK businesses have suffered at least one attack within the last 12 months. Around 65,000 cyber-attacks are attempted on UK SMEs daily, with about 4,500 of them carried out successfully, according to Hiscox. This means that every 19 seconds, one SME in the UK is suffering from a cyber breach/attack – and a survey by cyber insurance firm Gallagher reported that at least a third of businesses admitted that if they suffered a breach and were unable to continue to trade, their business wouldn’t be able to survive for more than a month.
SMEs are already dealing with difficult challenges and the last thing they want to think about is cyber security. However, with the sudden change in work practices as a result of the Covid-19 pandemic, cyber criminals are taking this opportunity to exploit SMEs poor security and attack them when they are at their most vulnerable. This is why investing in cyber security has never been more important.
Nowadays businesses have a website, store important digital information within their system or the cloud (e.g. personal/financial data, intellectual property), use online banking and usually equip their staff with work devices (phones, computer, USB drives). If these devices and network systems are not secured properly and left vulnerable, an organisation can fall victim to a cyber attack. The effects of such a breach can be devastating, resulting in financial, personal and material loss, which could leave the business fighting for their very existence.
While this all may sound daunting, here’s the good news! Implementing good cyber security practices within your organisation is very easy, simple and straightforward.
We at the Police Digital Security Centre believe that education and awareness is the most effective way of reducing the vulnerability of small businesses to the most common types of cyber crime. By making simple changes within your organisation and reviewing those cyber security measures on a regular basis, can help you prevent an attack or breach. For example, ensuring that you have a strong password policy, training your staff how to spot phishing emails and encouraging good cyber security practices within your business, are all steps SMEs can take to strengthen their cyber security posture.
Good cyber security will benefit every aspect of your business and strengthen your capability to respond and recover more effectively. In case of a breach, you are able to keep disruption to a minimum, recover more swiftly to ensure business continuity and reduce your overall financial, data and reputational loss that could otherwise be crippling to your business. Additionally, by understanding your exposure to risk and putting into place simple control measures demonstrates to customers, staff, stakeholders and suppliers how important the security of their information is.
Here are the top five cyber security tips we give to SMEs:
- Strong password policy – To prevent unauthorised access to your device use a strong password for all devices and social media accounts (e.g. such as a passphrase of three random words). Change default passwords on all your devices upon initial installation (especially your Wi-Fi router at home or any IoT devices you may have!) and consider using password managers to store and protect your passwords.
- 2FA – Turn on two-factor authentication on all your accounts and devices, to ensure that your data and information is secure.
- Software update – Set all your devices and apps to download and install updates automatically to ensure that any crucial fixes are not missed, which will reduce the risk of your devices being infected with malware.
- Back up – To safeguard your most important personal data and information, back them up to an external hard drive or cloud-based storage system to avoid any losses.
- Install Anti-virus – Install and activate anti-virus software on all your devices, preferably set it to update automatically. This will help you to run a complete scan of your system and check for any malware infections.
For more easy and free cyber security tips, please visit our ‘Advice’ hub on our website www.policedsc.com.
To help businesses start their cyber security journey, PDSC have developed a simple online assessment tool which will help test the resilience of the business to the most common types of cyber crime. Based on the National Cyber Security Centre’s Small Business Guide, and developed in collaboration with BSI (the British Standards Institution), our Digitally Aware scheme recognises those businesses who have made the first step towards better cyber security. Successful applicants receive a certificate and a tailored report with specific recommendations of action in accordance with the latest Government and police guidance based on their assessment.
Currently, only 70% of organisations who have undertaken the Digitally Aware certification scheme have passed it, demonstrating that a third of these organisations are not equipped with the most basic cyber security measures, leaving them vulnerable to cyber crime and fraud. However, these vulnerabilities are easy and simple to resolve and using the resources from our Digitally Aware platform, designed specifically for SMEs, your business can quickly improve its security posture and reduce its vulnerability to cyber crime.
The most important take away is that cyber security really isn’t that daunting or complicated to do and in fact has a positive impact on how SMEs can conduct business securely. So, our message is clear: Good cyber security is good for business.
Michelle Kradolfer is a Cyber Development Officer at the Police Digital Security Centre. Michelle graduated from Middlesex University in December 2019, with a Master of Cyber crime and Digital Investigation (with Distinction). Her previous academic background includes a Master of Criminology and Bachelor of Socio-Legal Studies, which she completed at the University of Sydney in Australia.
In 2014 Michelle was an intern at INTERPOL, with the Research and Innovation team within the Cyber Innovation & Outreach Directorate. That internship sparked an interest in cyber crime and cyber security, and wishing to pursue a career in this field she moved to London a few years later.
In 2019, Michelle successfully completed a course on blockchain forensics by CipherTrace and was accredited as a CipherTrace Certified Examiner (CTCE). She additionally obtained a certificate for a foundation course in coding and web development.