The cost-effective ways to start safeguarding your business from being hacked…
Greg Sim is the CEO of Glasswall Solutions, an award-winning company that specialises in providing online security for large organisations. He has appeared on TV shows including Sky News and publications such as the Wall Street Journal to talk about hacking and data breaches.
In the first of two blogs, Sim explains why SMEs will continue to be targeted by hackers and outlines the first steps you should take towards protecting yourself from a data breach…
SMEs are a prime target for hackers
“Criminal gangs used to go in and rob banks. Then the bigger banks increased their security, so the gangs moved down to the smaller banks or the post office or the corner shop. And cyber crime isn’t really any different which is why SMEs are a prime target for hackers.
The problem for SMEs is that they can’t afford military grade technology to protect themselves. They’ve got an antivirus which they think can protect them but won’t. Then they take out insurance but once they’ve been breached they suddenly realise they’re not fully protected or insured.
A direct line to a bigger target
Also, the risk to an SME as a member of a supply chain is very high. The supply chain provides a direct line to the bigger target.
If you look at the attack on Target (a chain of US department stores), that came through the supply chain. An aircon company was affected by a pdf containing malware, which they had sent on to Target who thought it came from a trusted supplier. That malware installed a code that could steal data from Target’s PDQ machines. That, in itself, might only cause a certain amount of damage but then it goes into the dark web and that data can be traded on the black market.
In most cases, as an SME your technology wouldn’t tell you that you’ve been breached. The chances are you will either find out through one of your customers or law enforcement.
Imagine it’s like somebody receiving a bogus email from your email address. You only find out when somebody else receives that email and tells you about it.
6 simple steps for SMEs to improve their security
1. Do you regularly change your passwords?
2. Do you use two-factor authentication so you have another form of ID, such as a PIN number, along with a username and password?
3. Have you isolated your data to prevent malware from spreading across a network?
4. Staff should use their own email address when it comes to using social media.
5. Create protection policies for your staff - people will click on files and attachments so they have to be made aware of the consequences.
6. Engage in regular dialogue about security with your supply chain.
Limiting your liability
The point we’ll get to, as they do in America, is the question of who is liable following a data breach? So we’ll have to follow best practices. Banks and law firms especially, will push best practice down to the SMEs and say that unless they can show that they have got the minimum of cyber essentials, then they can’t do business.
On the other hand, if you’re a small company working with larger organisations they will welcome the fact you’re going to them and saying ‘we want to make our own procedures better. How can you help and how can we align?’
Otherwise, there will come the day they can throw this back at you. So if you can say that you’re mapping your own policies and procedures against theirs, that will make your life a lot easier.
But it also needs a lot more help from the bigger organisations, like the banks, to help their supply chain by giving them proper guidance and protection, because it is those big businesses that are the ultimate target for a breach.”
For more information on how Glassware’s technology eliminates malware in documents visit their website
Cyber security for business
The IoD have created a Cyber Hub as a resource for all things digital security. Whether you need to learn the basics with a glossary of cyber-terminology, step-by-step instructions on improving your online protection, or to simply stay involved in the latest conversations, you can find the help you need here to safeguard your business and employees.
Visit our cyber security for business hub
Get involved in the conversation or use the hashtag
IoD members can find more in-depth information and resources about cyber security in our factsheet