Don’t let the Three news fool you. Cyber criminals are indiscriminate. They don’t care that you’re an SME with less than 50 staff. If you’re systems aren’t secure, you could be a target. Complacency is common place. The mantra “it won’t happen to me” resonates throughout industry.
With so much at stake, heads of SMEs and business leaders need to grasp the nettle of cyber security for their business. Waiting until tomorrow could be too late. Reputational damage is often the biggest casualty and costs more in the long run than immediate monetary loss. However, the short term financial ransom will be felt acutely earlier.
It would be irresponsible for MDs, COO’s, CFOs, Marketing Directors, HRDs and the like to assume their IT teams have cyber security covered. They have their own priorities, yet business heads at SMEs and start-ups need to drive home how fierce and assertive the current dark-web based cyber fraudsters are.
Just because industry behemoths like Three, Sony, Talk Talk and Ashley Madison have been targeted doesn’t mean SMEs – like yours - will not be. Quite the reverse. Different hackers apply different methodologies to their strategy on who they attempt to defraud. However, generally the approach is demand a ransom in return for NOT issuing your customer or organisational data onto the web. If this is sensitive data – e.g. Ashley Madison – this can have serious consequences for those involved.
So why should SME leaders be interested. IT issue, right?
With small business and growing business increasing in its importance to the local and national economies, the collective strength of intelligence and operational desire means senior decision business makers and heads of department within these businesses should drive the conversation. As a key member of the leadership committee of your business you’ll need to have open discussion and a strategic plan to counter any threat. If you are not on the board or a senior decision maker; you can still drive the conversation. Take accountability. Such risk collation and management will ensure you avoid automating this process, humans need to drive the agenda to avoid long and short-term damage. For an SME, this could be fatal.
IT, as an individual or a team cannot do it alone and should not be responsible for it. Some businesses use them as a Police Force to enforce requirements. This hasn’t worked because they lack objectivity. It is everyone’s responsibility – and should be led from the top. The enforcement committee should be led by the business to show it is an important requirement.
Here’s some tips from Toople.com for your growing business.
We’re on the side of your business. We want to see you thrive, not pack up through a lapse in security. This is our checklist of things to consider because prevention is better than cure:
- Ensure everyone is pulling in the same direction. You must have everyone singing the song of security; this is NOT an IT issue solely
- Communicate to successfully reinforce the message
- Over-elaboration is not required, for instance follow good password methodology and communicate this to all your staff; work with IT and marketing to communicate
- Understand where your data is and what is important – telling a customer their details have been leaked isn’t going to be well received for follow up business
- Try to break the system; by focusing on exposure you can mitigate risk
- Trust the resources you bring in, but do your homework. You must drive the agenda
- Although public sector, the Government publishes plenty of resources. Wise up.
Use regular events, proactive learning programmes to engage colleagues. Issue and demonstrate useful advice (team meetings, training etc) that users can use at home as well as at work. Also, consider sanctioning the provision into the latest threats etc. – consider using external expertise to deliver this; half a day every few months might be a small price to pay
As a business, you need to be actively prepared for a “hack.” Preparation breeds confidence, but do not lead this to arrogance and that familiar statement “it won’t happen to us”. You might be surprised. I hope you’re not.
If the worse does happen, go to the Police. The authorities deal with countless number of these attempts every day – and that’s increasing. They will advise on the best course of action to assist you escape this and move on.