Procurement 31 May 2017

Five cyber security measures to protect your business from an NHS-style attack

Research showed just eight per cent of small business owners undertook daily cyber protection measures

Offering practical advice on strengthening a small company’s digital defences, Peter Erceg, senior vice president of Global Cyber and Technology at insurance broker Lockton, outlines five effective cyber security measures that could prove vital in preventing an NHS-style ransomware attack.

The recent WannaCry cyber attack demonstrated UK companies need to start taking the issue of cyber security very seriously. Research from Lockton has found many companies are severely unprepared to manage a cyber breach, with only eight per cent checking daily for hacking activity.

With cyber security now firmly in the spotlight, all business owners, regardless of size, need to start thinking about their cyber risk and put in place appropriate cyber security measures to protect their company.

Know your risk

Whether you are one of the largest organisations in the world or a start-up, your exposure to cyber risks remains the same.

Many small businesses suffer from an air of complacency when it comes to cyber security, believing their business is unlikely to be targeted by cyber-criminals. Challenging this complacency and debunking the notion that small businesses are not targets can be half the battle.

Knowing your risks as a business within the context of cyber crime is crucial. Second guess a hacker – what information do you have that would be of most value to them?

What data would you pay a high price to keep out of the wrong hands? Understanding what makes you a target can help you implement more tailored cyber security solutions.

Considering cyber security in the round is also crucial. While the NHS attack showed that operating systems can be a common entry point for hackers, businesses need to consider all aspects of their IT systems that could leave them open to attempted breaches.

As a business’ services become increasingly digitalised, it needs to consider all potential gateways of infiltration. Even the most tailored and bespoke systems are hackable.

Consider the cost

While large businesses can face reputational damage, negative PR, share prices turbulence and a fundamental bottom line impact after a cyber-attack, generally speaking these organisations are equipped with the resources and expertise to weather these storms.

For small businesses the cost of a cyber-attack can be terminal. The average cost of a stolen record is £102 – if your records were to be stolen, could you afford to foot this bill?

The reputational damage can also be irreparable, resulting in a loss of current and prospective customers. Establishing the potential cost to your business is essential to ensuring you have the right levels of security and protection.

Master the basics

A common misconception about cyber security is that it’s both technical and expensive.

In reality, the most effective protections to put in place can be the most simple. Examples include regularly updating your operating system and other software and downloading patches when they become available. These updates and add-ons can help plug any known holes in your IT defences.

A good starting point is the government’s Cyber Essentials scheme. The scheme provides free information on how to address the basics and prevent the most common kinds of attacks.

Make staff your assets, not your weakness

In this age of cyber warfare, cyber security is no longer the sole reserve of IT departments. The attack on the NHS involved all employees, from receptionists to radiographers, and the most common way for hackers to gain entry to your business is via your staff.

Your staff can be your most important defence against cyber crime, but they can also be your greatest weakness.

The need to train staff is particularly crucial given most common attacks – such as fraudulent emails, viruses, spyware or ransomware – are designed to prey upon the unawareness of staff.

Our research found over a quarter of UK organisations are failing to ensure staff know the correct procedure if they spot an attempted cyber breach.

Making sure staff know how to keep systems secure but also how to react appropriately in the event of an attack can both mitigate damage and prevent attacks altogether.

The need to educate staff on cyber security measures is even more pressing for smaller organisations that don’t always enjoy the luxury of an in-house team of IT experts.

Speak to the experts

Speaking to experts outside the four walls of your organisation can provide valuable insight. Consider appropriate protection that will cover critical corporate assets should a breach occur.

Speak to your insurance broker about what may be covered and what breach response services they may be able to offer you by way of insurance policies.

Peter Erceg is senior vice president of Global Cyber and Technology at insurance broker Lockton, the world’s largest global independent insurance broker

Find out more about government plans to boost the cyber defences of small UK businesses

Sign up to our newsletter to get the latest from Business Advice.