Habits are hard to break. Our brains prefer to learn behaviours and stick to them; walking a well-worn neural network is much easier than trying to create a new one. This serves us when it comes to routine tasks like brushing our teeth or making tea, but it can cause us to maintain habits that are damaging or that could leave us vulnerable.
Small and medium sized enterprises have their own habitual activities. This can be important, helping to deliver consistency and reliability to the customers. It can also be a necessity when operating on tight margins and with limited resources. That said, there is one area of operations within which habitual behaviours can be damaging: the new and evolutionary landscape of digital. Operating online has brought many benefits for the SME, but has also introduced the risk of cyber attacks, which are ever-changing and demand a business be agile and dynamic in their efforts to stay secure.
That isn’t to say that SMEs are unaware of these risks. According to Alliance research, SME owners listed fears of data loss/misuse/threat as the biggest threat for 2018 – higher even than Brexit. However, fears are not necessarily turning into action. New research from Business in the Community (BITC) found that 1 in 3 small businesses in the UK don’t have any cyber security strategies in place if things go wrong. In the past 12 months, 40% say they have not taken any cyber security actions at all, and over three-quarters (77%) have no policy for controlling access to systems. With the average cyber breach costing up to £8,000 to recover from, not taking cyber security seriously is a mistake that SMEs literally cannot afford to make.
And insurance is just one aspect of a cyber resilience plan that all SMEs operating today need to have in place. Good cyber security needs to become a habit of any company; it should be built in at every level of the business and be part of everyone’s job description, no matter what their role. Only with a companywide effort towards cyber resilience can an SME be ready for whatever cyber criminals may try and stand the best chance of avoiding a damaging attack.
Encouragingly, basic cyber security is easy to implement. SMEs who feel they lack appropriate experience, or the money to hire an expert, need not despair. There are also lots of free online resources to help create good cyber habits, one of which is the Business in the Community’s (BITC) website with advice and resources to help SMEs to feel ‘cyber ready’.
So how to make it happen? Here are seven steps for an SME to start creating good cyber habits and make the move from fearing a cyber attack to being as prepared and as ready as possible to face it:
Taking cyber security seriously is now a necessity for any business, no matter the size or the industry. SMEs have the most to lose, simply because of their small size; large organisations can usually swallow the cost of a data breach, but a hack can topple an SME. Now is the time to turn the anxiety and fear of cyber attack into a proactive cyber security strategy, and for SMEs to create new habits and routines to keep their businesses safe. Just as our brains like things easy, so do the criminals – don’t be the easiest target in 2019.
Originally posted here