Cybercrime remains one of the greatest threats to UK business. Latest government figures calculate that it costs the country £27bn each year, with £21bn of that cost shouldered by business.
When it comes to the types of enterprises targeted by criminals you may be surprised to hear that small to medium sized businesses bear the brunt of the activity, taking 40% of all targeted attacks. Unfortunately the cost of cyber breaches to individual businesses looks set to rise.
The EU has introduced a new directive designed to increase cyber security across the majority of businesses in the EU. While the intentions of the directive is to help small businesses, many fear it is simply adding expensive red tape, the cost of which will be hard to meet.
The Directive will require huge swathes of companies to tell regulators each and every time they have a data breach. Not only does this cost money, around 6 per cent of turnover on average, it could also do reputational damage by forcing companies to reveal insignificant breaches.
The Directive is part of a wider drive by the European Commission to battle cybercrime. It is thought that by enforcing ‘high common level of network and informational security’ that a strong level of trust will be created and crime will diminish.
Regulators already require telco businesses to report any data breach but the Directive opens this out to many more.
The list of sectors which must adopt EU standard security and report any breach now also includes energy, transport, banking, stock exchange, healthcare, ecommerce, social networks and public administrations. There aren’t many companies which don’t fall into these categories.
With this is mind, small businesses up and down the country must pay extra attention to cyber security or risk facing higher costs than necessary. They must do everything in their power to avoid costly breaches.
Advice on avoiding data breaches
Understand where your data is stored and who has access to it
To protect your data you must first understand what you have, where it is kept, who has access and how sensitive it is. Most small businesses have data stored in many places from their employees’ smartphones to third party cloud services to computers in the office.
Take the necessary actions to protect this data and know who has access to what at all times.
Make sure all your staff are fully-trained to avoid breaches
Every single person in your organisation probably has access to some form of data or simply uses your computers. From your newest interns to your CEO, everyone must know how to avoid malware and how to properly protect the data they are in contact which.
The smallest glitch in your defence could allow something malicious into your systems and cause a report worthy breach. There should be rules of behaviour for all describing how to protect vital data.
Ensure you have strong antivirus and internet security protection
Your computer system must be protected by the latest security technology. Without this you are not only leaving yourself open to attack but could also face penalties from the European Commission which now requires that businesses have adequate protection.
With increasingly mobile workforces you must ensure your employees personal mobile devices such as smartphones and tablets have protection also. There are services such as the AVG Anti-virus app which are free and go a long way to protecting your data when it is on the move.
Know what to do if you have a breach
More than ever it is important to avoid having any breach of data but you must be prepared for a time when you do. By understanding the steps you must now go through to report a breach, you can save time and worry if and when it does happen.
Yes it could be costly but it is now imperative so it’s best to be prepared. Visit the Information Commissioner’s Office website to see how breaches must be reported.
May 1, 2013