If you work for a small or medium-sized business we would be grateful if you would be willing to fill-in our cyber survey open until the 31 October 2018. The survey is a baseline survey so that Business in the Community has a better understanding of how it can support small- and medium-sized businesses to be prepared for, respond to and recover from cyber-attacks, as easily and cost-effectively as possible
Cyber-attacks may not be on the top of your priority list, however, cyber-related incidents are more common than you think. We may think large businesses have all the requisite controls necessary to deal with a cyber disruption; however, businesses of all sizes are at risk. Moreover, small businesses do not always realise they can be the gateway to big businesses’ data loss; a breach in a supply chain or the loss of customers’ data could spell the end for many small businesses.
In the Cyber Security Breaches Survey 2018, 42% of small-micro businesses identified at least one breach or attack in the last 12 months. This figure is perhaps not surprising: the DAS Market Barometer found that almost half of small businesses (47%) do not back up their data; 42% of small businesses do not use strong passwords; 55% delay installing system updates. These are easy to rectify and can avoid more serious cyber-incidents in the future.
Recently, there have been several reports of big businesses suffering cyber-attacks. In 2015, TalkTalk were attacked three times and lost more than 157,000 worth of customers’ personal data, including account numbers and sort-codes. Cyber-attacks cause serious disruption, for TalkTalk, their reputation was damaged and they suffered a £15 million trading impact through lost customers. These attacks are often avoidable if a business adheres to basic cyber security principles.
In 2018, Dixons Carphone publicly apologised for a breach involving 5.9 million customers bank details, as well as an estimated 10 million personal records of data. Originally they thought the breach had affected 1.2 million personal records of data, which even then was reported as being one of the UK’s biggest data breaches for a single firm. Consequently, Dixons Carphone customers may have experienced stolen personal data, as well as the potential to have been vulnerable to fraud. However, Dixons Carphone announced there is no evidence of the latter.
In June 2018, Ticketmaster UK reported that they had been hacked due to malicious software on their customer support product, hosted by an external third-party supplier. Ticketmaster and their supplier are still under investigation from the Information Commissioner’s Office.
Big businesses have the people and resources in place to deal with breaches. Would your small business have the capacity to deal with a cyber breach? What could your company do now to prevent yourselves being affected by a phishing attack? How could you prevent breaching the GDPR?
An easy place to start is to take Business in the Community’s free Readiness Test. The test will get you really thinking about how ready your business is for disruptions of all kinds and give you simple steps to make your business more prepared. A resilient business is part of being a well-functioning, responsible business.