Cybersecurity Threats Pose Dangers to Small and Medium-Sized Businesses, as Warned by NFU Mutual
In the digital age, cybersecurity has become an essential concern for businesses of all sizes. Despite increased concerns, a significant number of businesses have not taken any action to protect themselves from cyber-crime. According to recent research, 45% of businesses have not implemented any measures to safeguard their operations from potential cyber threats.
Of those who have not taken action, a staggering 79% have not even conducted a cyber risk assessment. This lack of preparation leaves these businesses vulnerable to attacks, as the Facebook breach serves as a reminder that cyber breaches can strike through various channels, not just IT infrastructure.
The importance of cybersecurity for small businesses cannot be overstated. Assessing critical dependencies and planning for an incident is crucial, as smaller organizations may find it harder to deal with complex cyber-attacks.
James Trevis, Cyber Portfolio Manager at NFU Mutual, offers three tips for small businesses to assess their cyber risk. The first tip is to understand the specific cyber risks your business faces. Different businesses have different vulnerabilities based on the nature of their operations and data they handle.
The second tip is to regularly review and update your cyber security measures. Cyber threats constantly evolve, so it's important to keep security protocols and software up to date.
The third tip is to invest in employee training and awareness. Since human error is a common cause of cyber incidents, ensuring staff are educated about cyber risks and safe practices is crucial. These tips help small businesses better identify, manage, and mitigate potential cyber threats relevant to their operations.
The increase in remote working has made businesses more vulnerable to cyber-attacks. NFU Mutual's research shows that 47% of businesses feel more vulnerable to cyber-attack since the rise of remote working.
High-profile cyber attacks have occurred on businesses such as Marks & Spencer and the Co-op, emphasizing the need for online security for businesses. Commercial insurer NFU Mutual has warned that small businesses face severe cyber risks, as they are targets for digital criminals.
Case in point, Autobits Motorstore, based in Armagh in Northern Ireland, has suffered two cyber-attacks in the last seven years. In 2019, their point of sale (POS) system was attacked and held to ransom, taking around five working days to get back up and running.
Marty McDonagh, Autobits Motorstore Director, highlighted the importance of having a response plan and strong support systems in place. Autobits Motorstore had access to a team of IT security experts due to their cyber insurance, which helped restore their operational confidence.
Basic cyber security awareness training can significantly reduce the likelihood and impact of a cyber event. Enabling two-factor authentication (2FA) alongside basic cyber controls can also reduce the likelihood of unauthorized access.
Moreover, a good cyber insurance policy can be configured to insure against indirect cyber risks, such as those within the supply chain. NFU Mutual offers a free three-month cyber helpline service for small businesses and small farms.
Phishing was the most common cyber-attack observed in the survey. Businesses are urged to be vigilant and educate their staff about the risks of phishing and how to identify and avoid such attacks.
The 2020 Facebook breach at Autobits Motorstore emphasized the vulnerabilities in routine platforms to cyber-attacks. The incident served as a turning point in how they approach cybersecurity, highlighting the potential consequences. Autobits Motorstore Director Marty McDonagh said, "We've learned a lot from these experiences, and we're committed to improving our cybersecurity measures to protect our business and our customers."
- Small businesses should invest in regular assessments of their cyber risk, as a large proportion of those who have not done so are vulnerable to cyber attacks, as exemplified by the Facebook breach at Autobits Motorstore.
- In the digital age, implementing technology to enhance cybersecurity, such as two-factor authentication and security protocol updates, can significantly reduce the likelihood and impact of cyber events and phishing attacks, as basic cyber security awareness training does.
