Even a 3-person company can’t rule out the need for cyber security reviews in their businesses.
The government recently allocating some £860M to its cyber security efforts particularly focusing on the recently launched CERT-UK (http://cert.gov.uk) which aims to provide advisory notices of cyber security issues related to national security. CERT-UK with Chris Gibson former cyber security chief of global banking corporation Citigroup at the helm launched in the last couple of months certainly seems like the first milestone towards achieving a more proactive approach to cyber security in the UK.
Because it’s not just governments and large public companies that need worry about computer security, with the average cost of a cyber security attack ranging from £400,000 — £800,000 every business small and large needs to be aware of the implications of cyber threats.
Smaller companies with smaller budgets still need to face the facts that these things occur and in order to remain competitive in the market place and resilient to current climate — IT security is something they need to keep in mind. With everything moving to the cloud its crucial there are policies and procedures in place to monitor goings on across their network.
From system downtime, lowering staff productivity and of course legal and financial problems that may occur due to a cyber attack there are many facets to take into account. These problems stem from poorly configured network appliances, out of date software, weak passwords, staff training and much more.
To give an example of possible threats you may not have thought of as being important enough to consider. What about Dropbox or similar ‘cloud’ data sharing accounts — it’s not just what you put into it that you need to be careful of but what others can put into it also.
It’s not unheard of during security audits we perform to see not only small business owners, but mid level execs, CEOs and more placing crucial company information into sync services. This poses a threat in more ways than one as you may share certain folders or files with others & this happens to allow others to not only ‘read’ what you share but also ‘write’ to your shared folders meaning a virus or similar malicious program could end up in your system without you ever clicking a thing. Once onto your system there’s no end to where this may stop.
So whats the solution — stop using these services altogether? No of course not — but to be vigilant about which you use, how you use it and who you give access to even if its only a single folder shared.
That’s just one of the many things we see happening on routine audits.
You may not lose 40 million credit cards like shopping giant Target did in 2013, be at risk of losing trade secrets or having your corporate data leaked across the Internet. But what would happen if your business systems halted for a day, a week, a month? Published author losing a manuscript, finance directors having their entire systems wiped out for ‘fun’ by a computer hacker. Companies are rarely ‘targeted’ any more with much of the ‘hacking’ being done for amusement by a variety of age groups across the globe.
What you need to take away from this is the knowledge that policies and procedures need to be put in place for any sized business, small, medium or large.