Why SME’s should Step up Cyber Security

For small and medium-sized businesses across the UK, there appears to be a real disregard for cybersecurity. When implementing Health and Safety processes you will find that most companies are attentive, and when isolating potential HR nightmares they are vigilant, but when it comes to protecting their data, and the data of their clients, the response is sadly lacking. In many ways, this is to be expected. The ‘Digital Age’, although in full swing, is still something that is being adapted to, and businesses becoming more and more aware of the possibility technology holds.

Incredibly, the Small Business Reputation and the Cyber Risk report, launched by the Government’s Cyber Streetwise campaign and KPMG, reported that 51% of those surveyed refused to believe that they were vulnerable. The potentially potent cocktail of believing that the data they hold is unimportant, and their failure to grasp exactly how damaging a breach could be to their reputation, is leaving SME’s in a dangerous position. Consumers are certainly considering the safety of their data, with 83% concerned about who has access, and 58% saying that a cyber breach would discourage them from using a company.

The expense of cyber security isn’t often something that SME’s believe they can’t afford to incorporate into their budget. It is an expense that wouldn’t have been considered even five years ago and yet is something now that must be mandatory. The cost of an attack, to recover and continue, is on average around 6% of turnover, but it is the reputational damage that impacts more emphatically if a breach of client data is tracked back to your machine. If for example, Salesforce, or a similar CRM alternative, is compromised, then consider how the release of in-house tenders, pricing structures and contact details for clients will impact on your business.

As well as the internal turmoil, you also have to consider that 94% of procurement departments would look at removing a supplier if they had been breached, with a further 94% citing cyber security standards as important to the final award of a project to an SME supplier. Understanding that personal and client data is highly valuable is important, but company perception is equally so. In the same report as the data above, 31% of those SME’s surveyed who had experienced a breach admitted that their brand image was affected, and 30% admitted that they lost clients.

The first step to implementing cybersecurity in an SME business is understanding that all data is valuable. The second is to do more than the minimum requirements. With no legislation in place, it is easy to turn a blind eye to protecting data. The third is to consider the consequences. Can your company afford to lose 6% of your turnover and have clients leave your company as a result? Even ignoring the fact that the chance of replacing those lost is severely diminished thanks to your reputation for recklessness with client information, the figures aren’t great.

Lastly, don’t think that security has to cost the earth. For an SME who doesn’t quite know where to start, the important things to consider are:

  • Keeping your passwords strong and frequently changed.
  • Install security software on all devices.
  • Always download the latest software updates for your machines.

Once into this routine, speak to Digital Pathways, and we will show you the next steps to take to keep your data completely safeguarded against criminals just waiting for their opportunity.