Procurement 3 October 2018

Why aren’t micro businesses protecting themselves against cyber threats?

Not taking cybersecurity seriously could lead to the loss of assets, reputation, sales and customers
Writing for Business Advice, Simon Yeoman, general manager at?Fasthosts, reflects on misconceptions around cyber threats and explains how micro companies can protect themselves.

In a recent YouGov/Fasthosts survey it was revealed that 79% of decision-makers in micro businesses do not consider cyber security to be a high priority. In fact, it came fourth out of a list of priorities, behind “improving working efficiency” (37%), “expanding into new markets” (28%), and “creating new products and services” (28%).

But why are micro businesses taking their own cyber security so lightly?

The research further revealed that 84% stated they already had cyber security in place. Casting aside for a moment the worrying 13% of businesses that have no cyber security measures in place at all, the 84% who say they do are worth examining more closely.

When questioned further it transpired that the type of security seemed to be limited to “security software” (off the shelf antivirus package) (73%), having a firewall (63%), while only 53% regularly update their software.

These security measures are not nearly sophisticated enough for a business, no matter how small. And the root of this attitude seems to be that micro businesses do not think they are big enough to be targeted by cybercriminals. This is a dangerous line of thinking.

Small businesses are a huge part of the British economy. In 2017 micro businesses made up 96% of the SMEs in the UK. These smaller businesses account for 33% of employment and 22% of turnover nationwide.

Not taking cybersecurity seriously could lead to the loss of assets, reputation, sales and customers any, or all, of which could push a company over the brink into bankruptcy.

Protect yourself

In the survey mentioned above, only 11% said that they had been affected by cyber-attacks, despite a study last year (2017) from the Federation of Small Businesses (FSB) showing that two-thirds of its members claimed they had been victims of cyber-attacks between 2014-2016.

This means that it is likely that many of the businesses that don’t believe they have been compromised are simply not aware of any breaches. If only 14% of those businesses actually have the means to detect if theyve been compromised you heard that right, the survey revealed only 14% do then most micro businesses just don’t realise that theyve been hacked until it’s too late.

As mentioned above 84% of micro businesses do have some form of cyber security protection in place, but it appears to be rudimentary, limited to readily available security software and firewalls. But what about program updates?

Update alerts for operating systems and software always seem to pop up at the most inconvenient times, right when you’re in the middle of something and up against a deadline or when you’re just about to shut down for the night, so that’s maybe why only 53% update their programs and systems regularly as part of their security strategy.

However, this opens up your business to a huge security risk, as older software will continue to have the same bugs and exploitable holes long after they have been discovered and, worse still, all of these exploitable entry points have most likely been made public after the release of updates.

A cloud on the horizon