Small Businesses Need To Face Up To Big Security Problems

We’ve had millennia to learn behaviours in the physical world, yet as a new digitised world emerges we’re still playing catch-up from a cyber-perspective.

In the physical world we are extremely security aware, we would never walk down a dark alley or let a stranger into our home for example, so why does a lack of oversight persist in a digital world?

In particular, this attitude seems pervasive within the small business community. The recently launched Cyber Streetwise report highlights that around two-thirds of UK SMEs don’t believe their business is vulnerable to cyber-attack, and only a small minority say security is a priority for the coming year. With small firms accounting for 99.3 per cent of all private sector businesses in the UK, according to the Federation of Small Businesses, this is particularly concerning.

Unaware?

Most SMEs probably think they’re not at risk because they consider themselves to be under the radar of cybercriminals. In truth however, any business can become a target of a cyber attack, and if you consider your business not worthy of an attack, how about that of your customers and the businesses that you interface with?

Hackers will exploit any route to access something of value to them – for example, you may be a payroll provider to a larger business with an asset that the hacker holds in it’s sights, and your lack of security may provide the perfect route in for them to access their end goal. Any organisation, regardless of size or sector is at risk. Furthermore, the explosion of inexpensive and readily-accessible attack tools is enabling anyone to carry out an attack. In 2014 spam alone increased in volume by a significant 250 percent, according to Cisco’s Annual Security Report.

Employees and IT teams are increasingly becoming unwitting players in cyber-attacks, either by a lack of awareness or sense of responsibility at the individual level.  Many SMEs would be alarmed to learn that a major portion of security risk therefore stems from internal sources. Research from Cisco has revealed that employee behaviour is the second greatest source of risk to data security, second only to cybercrime at 52 and 60 per cent respectively.

Securing networks and devices will only carry an organisation’s defence so far, what’s really important is to take employees with you. Organisations of all sizes need to make sure employees understand the impact of their actions and, through close collaboration between business and IT leaders, embed security into all business processes.

To do this, business leads need to look at security from a user perspective. By identifying different profiles of user behaviours, specific approaches in order to limit the risk posed can be developed without impinging on an employees’ freedom to perform. Think; are your workers threat-aware, well-intentioned, more complacent, or cynical? Once this is clear, adjust the specific approach used in order to limit the risk posed whilst leaving people free to perform at optimum efficiency and effectiveness.

As a whole, the security industry needs to ensure small businesses, without access to the resources available to larger enterprises, understand that community is a key component of protection. In addition to sharing threat insight and best practise through industry-wide or government bodies, small businesses should also look to the managed service provider community for access to expertise and the best technologies in the market. Small businesses can remain assured that they are constantly upgraded and kept secure through scalable cloud solutions and managed network infrastructure at a fraction of the cost to an on-premise solution.

Only through a collaborative approach and ensuring that security measures are deployed across the business, will SMEs be able to ensure their security policies are not only adequate, but reflect the ever-evolving cyber security landscape.

Terry Greer-King is director of cyber security at Cisco UK&I.

Are you a security expert? Try our quiz!