Procurement 31 May 2017

Five cyber security measures to protect your business from an NHS-style attack

Research showed just eight per cent of small business owners undertook daily cyber protection measures
Offering practical advice on strengthening a small company’s digital defences, Peter Erceg, senior vice president of Global Cyber and Technology at insurance broker Lockton, outlines five effective cyber security measures that could prove vital in preventing an NHS-style ransomware attack.

The recent WannaCry cyber attack demonstrated UK companies need to start taking the issue of cyber security very seriously. Research from Lockton has found many companies are severely unprepared to manage a cyber breach, with only eight per centchecking daily for hacking activity.

With cyber security now firmly in the spotlight, all business owners, regardless of size, need to start thinking about their cyber risk and put in place appropriate cyber security measures to protect their company.

Know your risk

Whether you are one of the largest organisations in the world or a start-up, your exposure to cyber risks remains the same.

Many small businesses suffer from an air of complacency when it comes to cyber security, believing their business is unlikely to be targeted by cyber-criminals. Challenging this complacency and debunking the notion that small businesses are not targets can be half the battle.

Knowing your risks as a business within the context of cyber crime is crucial. Second guess a hacker what information do you have that would be of most value to them?

What data would you pay a high price to keep out of the wrong hands? Understanding what makes you a target can help you implement more tailored cyber security solutions.

Considering cyber security in the round is also crucial. While the NHS attack showed that operating systems can be a common entry point for hackers, businesses need to consider all aspects of their IT systems that could leave them open to attempted breaches.

As a business? services become increasingly digitalised, itneeds to consider all potential gateways of infiltration. Even the most tailored and bespoke systems are hackable.

Consider the cost

While large businesses can face reputational damage, negative PR, share prices turbulence and a fundamental bottom line impact after a cyber-attack, generally speaking these organisations are equipped with the resources and expertise to weather these storms.

For small businesses the cost of a cyber-attack can be terminal. The average cost of a stolen record is 102 if your records were to be stolen, could you afford to foot this bill?

The reputational damage can also be irreparable, resulting in a loss of current and prospective customers. Establishing the potential cost to your business is essential to ensuring you have the right levels of security and protection.

Master the basics

A common misconception about cyber security is that it’s both technical and expensive.

In reality, the most effective protections to put in place can be the most simple. Examples include regularly updating your operating system and other software and downloading patches when they become available. These updates and add-ons can help plug any known holes in your IT defences.

A good starting point is the government’s Cyber Essentials scheme. The scheme provides free information on how to address the basics and prevent the most common kinds of attacks.

Make staff your assets, not your weakness

In this age of cyber warfare, cyber security is no longer the sole reserve of IT departments. The attack on the NHS involved all employees, from receptionists to radiographers, and the most common way for hackers to gain entry to your business is via your staff.

Your staff can be your most important defence against cyber crime, but they can also be your greatest weakness.