With recent figures showing that as many as two-thirds of small businesses reportedly fell victim to cybercrime last year, the age-old “too small to be significant” mentality is clearly a flawed school of thought when it comes to cybersecurity.
Generally, businesses have either had the false impression that they’re not a big enough target or fly “under the radar” when it comes to having information exploited. In truth, the stakes couldn’t be higher. It’s common for attackers to target the path of least resistance, so smaller organizations should never assume that they are too insignificant to matter – they could be the first link to a customer’s larger supply chain network or high-value employee, or a pawn in someone else’s more nefarious endgame.
With small businesses providing the lifeblood for the UK economy, it’s vital that their cyber health is given a regular check-up. To get a good overall insight into how organizations can reduce their cyber risk exposure given the escalating threat landscape, here are a few considerations as a place to start:
Security must be data centric – protect information
Data is fast becoming the commodity of modern businesses. Therefore, they should be able to answer questions regarding what types of data they collect, how attackers could use that information if they got their hands on it; and most importantly, what is the business doing to protect that data?