Chief Underwriting Officer
No matter how much noise there is around cyber security and its importance for all businesses, many entrepreneurs and small business owners are still reluctant to relate to it. That is, until the issue becomes one of their own. The problem is that, though cyber security has gained significant exposure in recent years, there are still myths and misconceptions about who can become a victim and how they can be affected in the event of a cyber attack. Whether you are a creative consultant, a healthcare professional or a freelance photographer, chances are you operate online in one way or another and can experience a cyber or data breach. We have picked the most widely accepted myths to help business owners rethink and assess the risk areas and start mapping out defence strategies.
SMEs are not the target
Let’s get this straight: a business becomes a target for cyber criminals as soon as it acquires clients, if not before then. The single most accepted misconception is that a small business is not worth the effort for a hacker to target, which leads small business owners to often bypass cyber security practices. As a result, nearly half (47%) of small businesses suffered a cyber breach or attack in 2018, as there are, quite literally, no barriers for cyber criminals to break.
And when it comes to specific targeted industries, there is none. Whether it’s a tech startup or a nail salon, an IT contractor or a freelance photographer, they all use various hardware and, even more so, software to support their businesses. They all have to manage their clients and financial transactions. Naturally, this makes all businesses prone to cyber security breaches, leaving their customer data, including credit card details, at risk.
In the past few years, cyber attacks have been rocketing in numbers during the festive season, as well. Along with the statistics, Cyber Monday has now acquired a whole new meaning. As more and more consumers hunt for attractive offers, the opportunities for hackers grow rapidly. And considering that businesses are mainly focused on stock maintenance and timely deliveries during the holiday season, they become even more vulnerable this time of the year.
My devices are in safe hands
The general understanding is that, with a good IT department and suitable anti-virus software, your devices are safe. This, however, couldn’t be further from the truth. Though the tech team is responsible for putting rules and policies in place, they cannot oversee every employee’s behaviour. This is exactly why every person in the business has to be trained accordingly in order to stay away from unsecured networks, suspicious emails and compromised websites, as 36% of breaches were caused by authorised user errors or misuse.
Though Apple devices are indeed more resistant to viruses, cyber criminals have learned a thing or two in the past few years about getting around Mac and Linux security systems. The same goes for anti-virus software. Nothing is completely safe from a determined cyber criminal.
The list of devices that are prone to a data breach does not stop at laptops: it includes phones and tablets, personal ones among them. Moreover, it only takes one weak device connected to your network to bring the whole system down, if targeted. And that doesn’t mean you will even be aware of the attack, as the majority of hackers prefer to stay unnoticed for a long time, while the potential damage to your business and reputation grows exponentially.
All data is safe in the cloud
Even if you don’t store any information on your devices, relying on cloud storage to secure it for you is not always the right way to go. Cloud structure is exposed to cybercrime the same way your devices are. The difference is, your data security becomes your provider’s responsibility, and it’s them who have to take the security and safety measures for their system. Unlike a small business, naturally, these providers usually have high cyber security standards in place. However, if the likes of Adobe and British Airways cannot withstand an attack, neither can the said providers. No wonder that 66% of IT professionals say security is their most significant concern in adopting an enterprise cloud computing strategy.
The fact remains that any external resource you use can be compromised, be that transaction services, client management tools, email or social media. With regard to the latter, some businesses have collapsed purely because their accounts on social media were jeopardised. As a vast number of one-man enterprises conduct their business through their social media accounts, a stolen password is all it takes to cause a shut-down.
Considering all of the above, complying with GDPR might become a considerable challenge, as a data breach of any kind can raise even bigger regulatory issues. In fact, 51% of SMEs have confirmed they had to change their cybersecurity policies with the rollout of GDPR. Adhering to the rules of GDPR means having sufficient security in place, as well as being thoroughly prepared to respond to a breach if the worst happens.
The measures one has to take to minimise the risk do not end at creating strong passwords. That said, using a secure password manager is a good start, especially if some login details have to be shared across team members. No matter what tools you use, you always have to make sure to keep all software up to date, as your providers will be adding and refining their security measures with every update.
Nonetheless, staying safe is not merely about taking the right cyber security measures. A vital part of cyber security is having a solid plan for damage control, in case all the measures taken to prevent an attack have failed in one way or another. As such, investing in the right cyber insurance can put your mind at ease. With the introduction of the General Data Protection Regulation last year, and with the growing threats to data security and privacy, we at Superscript have redesigned our cyber insurance to provide the most comprehensive cover for when things do go wrong. We’ve combined everything one can think of in one cover: data breaches, failure to comply with GDPR, media liability for all content that you publish online and a robust breach response package with legal, PR and IT forensic support. Unlike other insurance providers, we included all of the above as standard. Clearly, all this is a lot to get your head around, but if you need more tips and advice, have a look at our ultimate guide to cyber security and a blog on everything you need to know about the GDPR.