A staggering 74% of small and medium sized enterprises (SMEs) were subjected to breach of security of their computer systems in 2015 according to a recent report* and it appears to be on the increase.

For some, it was as simple as a virus on the system but for many it was much more serious and it was estimated that costs to the business of a cyber-attack typically fall in the range of £75,000 to £300,000. 

There is no doubt that cyber criminals are becoming increasingly more sophisticated in their attacks and there is ample evidence that SMEs who do not have the advantage of expert in-house computer experience do not have the resources to catch up.

What are the criminals after? There are some that are trying to steal intellectual property, perhaps in things such as copyright or design rights; however this is more common against larger businesses. More common against SMEs is tapping into passwords and bank details.

There are four practical and technical things that you can do to protect your systems:

  1. Download software updates as soon as you are notified. One of the most important parts of software updates is the security.
  2. Use anti-virus software and keep it fully updated.
  3. If you use online banking, use any supplementary security software that your bank may recommend.
  4. Move your data to the cloud, using a reputable supplier, such as Microsoft. This will prevent you from having to deal with copies of data and hard back-ups that bring additional security risks.

The most important aspect of security is related to the way that you and your people work. Here are the things that you can do to improve security:

  1. Make your people aware of the need to be vigilant when it comes to security of your systems and data.
  2. Ensure that your people take a minimum of 1 hour formal training on cyber security. (There are courses free online, including Open University).
  3. Make sure that staff are trained to recognise and permanently delete (without opening) any emails that are suspicious and likely to contain malware.
  4. Enforce a strict policy of strong passwords and make sure they are changed regularly.

Cyber security is about 3 things; Awareness, Procedures and Consistent Application.

*Information Security Breaches 2015, PWC