Why SMEs can't afford to avoid the vital topic of cyber security: Felix Gyamera
An SME serving several thousand clients a month suffered an attack which compromised personal data and direct debit member data.
According to Action Fraud, the average cost of a cyber breach for SMEs in the UK is around £3,500, costing SMEs on a daily basis around £31,000.
Advertisement
Hide AdAdvertisement
Hide AdThe good news is that some of the risks can be mitigated through due diligence without spending a fortune.
SMEs can get help from their Managed Service Providers or other consulting firms.
Additionally, there are institutions that support companies free of charge such as The North East Business Resilience Centre (NEBRC) in Yorkshire. It is worth taking a look at what options are available to you in your region if you want a professional overview without going out of pocket.
Should you be ready to achieve compliance, you’d need to work with an IASME accredited body to be certified. This is the kind of certification that companies have to get some peace of mind and send a strong trust signal to their supply chain.
Advertisement
Hide AdAdvertisement
Hide AdOn some occasions, it may also be the last resort option for entities with their backs against the wall.
Compliance is becoming a bigger and bigger industry. There are stronger penalties for non-complying companies and there are talks about public institutions being barred from grants if they can’t produce a Cyber Essentials certification.
There are pieces of technology to help you along the way such as Vanta that automates compliance since it is harder and harder to get up to date with the latest policies in real time.
Studying for a Certified Information Systems Security Professional has helped me understand recurring themes that can help cyber security integrate into company culture.
Advertisement
Hide AdAdvertisement
Hide AdThe CISSP contains more than 21 chapters that took me 10 months to digest. Now, the book brings concepts I was first unfamiliar with, like cryptography and key algorithms for example.
So only a portion of it is pretty useful. Here are some key takeaways:
- Risk, risk & risk: Evaluating risks to your assets to mitigate risk by implementing rules, policies (or controls) to acceptable levels is of crucial importance.
- Access Control : 3 entire chapters focus on that and encourage companies to use the concept of “least privilege” in most situations. Technology can help us limit access to company information but this should be practiced digitally as well as in person to avoid any social engineering attacks.
- Training: It is easy to fall for traps from hackers who are using increasingly sophisticated ways to get what they want. Ongoing training around phishing, strong passwords, and other forms of manipulation is essential to get staff to understand their role in protecting company assets.
If an SME feels that compliance is too much of a big ask, they should seek external help. Do not wait to get breached before reaching out for help when it will actually be too late.
In 2024, achieving compliance is almost a pre-requisite to gain more clients for public companies and this can only be beneficial for private companies.
Felix Gyamera is owner of TopSalesDev
Comment Guidelines
National World encourages reader discussion on our stories. User feedback, insights and back-and-forth exchanges add a rich layer of context to reporting. Please review our Community Guidelines before commenting.