All too often when speaking with small business owners, we hear how Cyber Security is not a major concern.
Cyber Criminals only go for targeted attacks against big organisations with huge assets and valuable data right?
Why should a small business choose to spend any of its valuable and limited time, money and resources on Cyber Security? Surely it would be better to focus on operating and growing the business, instead of just mitigating a risk that isn’t deemed to be much of a risk in the first place?
Well what if attacks aren’t targeted at all? What if launching a Cyber Attack against your small business and thousands more like it was only as much ‘bother’ as clicking a button? What if you don’t fully appreciate what your data is worth? What if the easiest way of attacking big corporations to get at their valuable data is by attacking a smaller business in its supply chain- a small business where Cyber Security is not a major concern??
Unfortunately, this is the reality of the Cyber Threat landscape your business is facing today, and regardless of the size of the organisation you need to make sure that Cyber Security is firmly on your radar.
Not convinced? Let’s look at some facts.
- Small businesses are typically less protected and less security-aware than larger businesses and therefore ‘low-hanging fruit’ for Cyber Criminals to pick off at will
- Data is where the real value is today (particularly financial data) and every business large or small holds data. Data for employees, data for customers, data for suppliers… you don’t want to be the ‘weak link’ in any supply chain you may be involved with by letting attackers in
- The majority of Cyber Attacks are not targeted at all. Most Ransomware and phishing attacks are actually automated ‘scattergun’ attacks, fired indiscriminately at whatever mailing list or list of web domains an attacker decides to choose that day.
Bottom line, you don’t actually need to be a target to be hit with an attack.
Still not convinced? Okay, well consider this: Cyber Security for small businesses isn’t just about mitigating risk, it’s about gaining a competitive edge.
You can be sure that the majority of larger organisations are fully aware of the Cyber Security risks they face and are fully focussed on mitigating that long list of risks as far as possible. You can also be sure that near the top of that list is the supply chain.
Big businesses are now more often than not seeking to ensure that Cyber Security is a concern for any company they do business with, no matter the size. Many are now demanding that existing and potential suppliers prove, and can demonstrate compliance with security standards such as Cyber Essentials or ISO 27001- just to even be considered as a business partner. This means that a significant deciding factor in retaining contracts, winning tenders and even just building a relationship of trust with clients and suppliers could be down to how Cyber Secure that business is.
Having robust and demonstrable security policies in place show that your business has taken steps to protect not only its own interests but those of clients and suppliers alike- and that is precisely what companies are looking for when choosing partners or suppliers to engage with. If your business can’t show this consideration then you risk losing out to competitors who can, and if nothing else then surely that is a risk that every business owner can understand.
With this potential loss of business, financial fallout of an attack potentially running into the thousands, loss of confidence in your business and all that potential reputational damage, how long can your business afford to ignore the risk?
It’s best not to wait to find out. The good news is, there is plenty of free information around to help you improve your cyber security position and get ahead of the game (and your competitors). The NCSC site from the UK government is one good place to start but here are plenty of others, take a look.
Above all, if you own a small business, don’t be one of the reported 60% of business owners who assume they’re not at risk. Don’t bury your head in the sand and don’t miss out on an opportunity to grow your business, and set it apart from the competition. Doing something is better than doing nothing, and the best time to do something is before your business becomes just another statistic. So, start today.
We do understand that even with the great free information available from the NCSC and other sources, the time required to read and understand this, and to plan and take the relevant actions is time not spent running your business. If this is stopping you from protecting your business, we invite you to schedule a 30 minute call with one of our Cyber Security Consultants to help you understand where your key risks and opportunities are, and how we might be able to help.