Major Cyber attacks against enterprises have raised awareness of the growing cybercrime threat. Recent small business surveys from ESET, the Federation of Small Businesses and our National Cyber Security Centre show that many small businesses still have a misunderstanding about cybersecurity.
As large companies continue to take data security seriously, small businesses are becoming increasingly interesting targets, and the results are often disastrous for small business owners.
Research from the Federation of Small Businesses in 2019 put the average loss per small business from cybercrime at £7,093 which totals to £3.75 billion per year with 1 in 5 businesses reporting a cybercrime. Many of these companies have postponed improvements to their network security until it was too late because they feared the cost would be too high or too disruptive, they did not perceive it as a valuable investment.
Cybercrime is the 2nd most disruptive crime experienced by smaller enterprises with only theft being voted higher in an FSB survey.
Even if you do not currently have the resources to hire external experts to test your computer system and make security recommendations, you can take steps to reduce the risk of costly cyber attacks:
In addition to the recommendations listed, the National Cyber Security Centre (NCSC) offers their 10 steps guide to help business tick the basics while the Cyber Essentials scheme can accredit your business as having the right systems in places.
Research from the FBS in 2019 puts of a figure of 40% of business do not keep their software updated and 35% do not have security software installed.
The ICO (Information Commissioner's Office) fined Gloucester City Council £1000,000 in 2017 after cyber attackers gained access to sensitive private information of council’s staff after they did not update their systems to protect them from a well-known threat.
The attack happened in July 2014, attackers exploited the Heartbleed vulnerability on the council's website, causing 30,000 emails to be downloaded from the city council's email mailboxes. These emails contain financial and confidential information about board members.
“This was a serious oversight on the part of Gloucester City Council. The attack happened when the organisation was outsourcing their IT systems. A lack of oversight of this outsourcing, along with inadequate security measures on sensitive emails, left them vulnerable to an attack.” Sally Anne Poole, Group Enforcement Manager at the ICO.
It is best to install the updates as soon as possible before attacks use the vulnerabilities they patch.
Basic OS updates can (and should) be applied as soon as they are available. However, a more thoughtful approach is needed for most other software used.
Fortunately, companies can easily manage and update several different software packages with update management solutions.
Update management works by analysing your software and systems to determine if updates are available and download them. These updates can be downloaded in the background and can be installed at the specified time.
Westway IT includes update management in its IT support & service plans, which can be used to manage OS systems and common third-party software packages. Unlike automatic updates we have a process for approving updates before they are installed allowing them to be tested and checked for any major issues that could cause you a problem.
The solution also monitors the status of updates on your systems and alerts when an update fails to install, or a system has not installed recent updates. This update management allows organizations to keep up with software attacks, improve endpoint security and reduce attack methods.
Businesses cannot ignore updating their software infrastructure, cybercriminals rely on companies not to update their systems to exploit vulnerabilities and cause damage. If there is an update, it should be applied in a timely manner.
For more information on Westway IT update management and your company's security, click here.
Westway IT is your technology success partner
A data breach can paralyse your small business and lose thousands of pounds in revenue and/or losses. We have the tools available to help reduce your risk of a cyber-attack through multiple layers of security.
To learn how we could help your business book a free 15-minute call with our team.
Our remote support tool has started to download.
Once downloaded please run our remote support tool and follow the on screen instructions.