Posts Tagged: SMEs

Security demands on SMEs ‘increasingly a barrier to success’

Stuart O'Brien

UK SMEs are potentially losing out on a third of all enterprise contracts because their cyber fraud and cyber security credentials do not meet a recognised standard.

That’s according to research from cyber security awareness platform CybSafe, which revealed that 37 per cent of organisations have been required by their enterprise customers to achieve a recognised cyber security standard over the past 12 months before successfully securing contracts.

That’s a rise of 9 per cent from 2017’s study results, when only 28 per cent were obliged to prove their proficiency in cyber security.

The research also highlights an increasing scrutiny of cyber security in supply chain organisations by enterprise customers who, due to increases in regulations and high-profile data breaches, are more concerned than ever about protecting their data.

Forty per cent of respondents have been asked by an enterprise customer to add cyber security precautions to contracts or RFP processes in order to win contracts in the past year.

Oz Alashe, CEO and founder of CybSafe, said: “The study has revealed how enterprise customers are increasingly prioritising cyber security when tendering for supply chain businesses. While lax cyber security precautions may have gone relatively unnoticed a few years ago, businesses are now losing out on lucrative deals with their biggest customers because of them. Due to tighter regulations and an abundance of high-profile breaches, organisations have had to re-review and reinforce their entire IT estate, including third party suppliers.

“The study demonstrates that SMEs are actively taking measures to make themselves cyber secure to meet the terms of new contracts. This is because it is no longer enough for an enterprise organisation to ensure that its own network is secure, any supplier must also demonstrate it’s cyber secure too.” 


GUEST BLOG: Securing SMEs for the future

Stuart O'Brien

By David Navin, Head of Corporate, Smoothwall

Cyber-attacks are nothing new: a new threat, attack or breach is a regular occurrence on the news agenda. With a number of high-profile attacks on large corporations such as Yahoo, Sony, TalkTalk and Camelot, it is easy to think that cyber criminals only go after the big fish.

In fact, security expert Dr. Emma Philpott recently stated: “There’s a lot of great talk, but most SMEs do nothing about cyber-security. It’s shocking.”

Although it may sound harsh, Philpott was simply confirming what the majority of the security industry will tell you: SMEs rarely have clear, actionable measures in place, which presents a rather inviting opportunity to hackers and threat actors.

Research last year found that 48 per cent of SMEs fell victim to at least one cyber-attack in the past year, with 10 per cent targeted multiple times. It begs the question, therefore: why do SMEs not consider their cyber security as important an issue as large enterprises?

Last year in the UK there were 5.4 million SMEs, making up over 99 per cent of all UK businesses, which makes them absolutely crucial to the UK economy. That importance is why the security problem is so serious and needs to be addressed.

It isn’t that SMEs are over-confident or ignorant of the threat of cybercrime. The majority of SMEs suffer from an inferiority complex and believe they are not at risk because they are not big or important enough to be a target for hackers.

They could not be more wrong.

Consumers share their data with SMEs on a daily basis, with many large companies working with SMEs as part of their supply chain. This makes SMEs a very attractive proposition for criminals looking to get hold of valuable data – be it corporate or personal. By playing a part in the supply chains of larger companies, they can be exploited as back doors into their larger partners, providing cyber criminals with a passage to attack the ‘bigger fish’. Security is another issue as well. Aside from the value of the data they hold, SMEs provide a bullseye for threat actors as they tend not to have the same level of security in place as their larger counterparts. This means they are not only an appealing option to hackers, they are often an easy one.

Constant vigilance

With the Advanced Persistent Threat (APT) increasingly common, it is more likely that a cyber-attack sets out to steal data rather than to cause damage to the network or organisation.

Mitigating such attacks is very challenging, and larger businesses invest in highly complex security systems to protect themselves. It is often the case that SMEs don’t feel they can afford such investment, but the truth is that there are some security measures that can be taken without huge cost.

There are five fundamental security measures every business should have in place: web security with perimeter firewall, application control, network segmentation, IPS (Intrusion Prevention Systems) and email security. By implementing these, SMEs can begin to build a defence with these security pillars as their foundation. As the business grows, further investment can then be made and built on top of this.

Go small to win big

SMEs can take no chances. If found to be the weak link in a large organisation’s security defence, it is likely that they will lose that partner and the hundreds of customers that come with them, and the reputational and financial damage that will result could be catastrophic to a small business. We have already seen how a cyber-attack can affect a company’s prospects, with Yahoo’s acquisition by Verizon cut significantly as a result of its 2014 hack, and SMEs can be subject to the same consequences as well.

This is why, alongside having the core five defences in place, SMEs must adhere fully to security regulation. We know compliance is a painful process for SMEs – it can be time-consuming and therefore costly. There is no avoiding compliance, even if it does not necessarily lead to better security, but what it will always do is protect relationships with larger partners. Coupled with at least a basic level of security, the SME becomes far less appealing to a hacker.

Companies, no matter their size, need to have all the measures in place so as to keep their data watertight and relationships safe. Reputation for any company is built from the bottom up: prevention before cure, or face the ignominy of a potential debacle, TalkTalk-style.

Forum Insight: Savvy SEO tips for start-ups that won’t break the bank…

Jack Wynn

With 50 per cent of new businesses failing within five years, recent research has revealed that many small businesses are missing out on opportunities to market online due to a lack of digital knowledge.

The research from 123 Reg found that 73 per cent said they did not advertise online and 42 per cent reported having no digital presence. SEO and other terminology also stumped 48 per cent of business owners surveyed, and only 53 per cent said their websites were easily readable via a mobile device.

“Being digitally savvy is especially important for start-ups. It can be the difference between your business being seen in the right places by the right people, and even small changes can have a huge impact,” comments Alex Minchin, founder and director of SEO agency Zest Digital.

Here, Alex shares three instantly achievable tips for small businesses looking to get started with SEO:

  1. Sign up to Google Analytics and Google Search Console and add the necessary code to your website: These are two free tools that will enable you to measure performance, even if you don’t understand it all immediately. You cannot improve something that you’re not measuring, and these tools will measure things such as the number of visitors landing on your website, the best performing content, keywords driving traffic, any broken links or pages, and the links from other websites that are pointing back to your website.
  2. Start local: Most searches in the micro and small business world include local modifiers such as your city or county, e.g. “Plumbers in Croydon”. An easy way to start to build some gravitas towards your website is to feature on business directories. This creates ‘citations’ (mentions) of your business name and confirms your address and other details, in addition to pointing a link back to your website. It’s crucial to make sure your information is kept consistent, so finalise your details and use the same information as a template for all directories. These things will help to increase the strength and trust of your website. Just be sure to focus on reputable directories such as Touch Local, 192, Freeindex, and Opendi for example.
  3. Focus on the real basics and design each META title and description for each of the key pages on your website as a minimum: The title tag and descriptor underneath the search result is considered as a ranking factor by Google, and can positively influence your rankings for a particular keyword. Your title should include your keyword and brand name as a minimum, but try to be as creative as possible with the character limit (55 is the de facto) that you have available. In the META description, it’s more important to include your value proposition and key information, for example “free delivery on all orders”, or “free quotation”. Remember, you’re trying to stand out to win a greater share of the clicks against the other websites competing for the same keyword, so details and USPs are key.

“It’s widely reported that somewhere around 90 per cent of all purchasing decisions begin with a search engine and a search query. SEO can therefore play a huge part in the marketing strategy of a small business,” Alex continues.

“Sharing your expertise through content and delivering value to your target market is the name of the game, and it’s a playground that, whilst dominated by some larger brands, isn’t policed by them. It’s entirely possible for a small business to compete and win on this channel, and doesn’t have to involve a huge cost in doing so.”

UK SMEs must adapt to digital economy or pay the price…

Jack Wynn

Tony Richardson, managing director of Octree, has responded to the government unveiling a £1.9 billion programme to protect the UK from cyber criminals up until the year 2021.

The ‘National Cyber Security Strategy’ was launched by the Chancellor, Philip Hammond, on November 1 and sets out the ‘decisive action’ needed to protect the UK economy and the privacy of British citizens, while encouraging the industry to do more in preventing damaging cyber-attacks.

It comes after figures released by the Office for National Statistics (ONS) estimate that there were almost six million instances of online fraud cybercrime in the UK in the 12-month period up to the end of June 2016.

Richardson, who has 28 years’ experience in the IT industry, said: “In the long term, this is about education: trying to encourage youngsters to take on ICT-type courses and then move into cyber-security in further and higher education. One of the fundamental problems is that there are fewer people studying ICT at school than there were 20 years ago.

“If the government are just going to throw money at countermeasures, it’s a futile exercise. We’ve got to look at things from an education basis, from a secondary school level.

“For businesses, security training has to be moved up the agenda. It is social engineering that leads to problems as far as ransomware is concerned, because the delivery mechanism will always be an email being delivered or a website being visited. Therefore, people need to be educated not to click on links or open attachments, and to be prepared to question suspect emails and, if necessary, escalate them.

“Ultimately, business directors are going to be liable, so I’m sure they’ll be keen to get that message across.”

“I became involved with a financial services firm after a ransomware infection, called CryptoWall, had completely compromised their systems, locking them out. This was due to their incumbent IT firm not ensuring that basic anti-malware was installed on their computers. They didn’t have a backup and their files were completely locked, so their choice was to pay a significant ransom or attempt to rebuild their data and database from paper records.

“They chose to rebuild their database, which I suspect will have been extremely costly and time-consuming. It’s not unusual for small businesses to be in a situation in which they are unaware that they are unprotected, one of the fundamental problems being that a lot of small businesses do not think that they are vulnerable to these types of attack.

“The second dangerous fraud we’ve seen recently is a whaling attack, or CEO fraud, in which an email is sent, purportedly, from the CEO or Finance Director of the company, generally to the finance department staff, asking them to make urgent money transfers otherwise risk losing some business. The email proves to be fake and the money is lost.

“It’s the social engineering element that is the biggest threat vector for businesses. We’re all part of that altruistic society, we want to help out and provide information and this is the thing that is being exploited. The fundamental problem is that people just aren’t aware of the risks.

“SMEs need to become more aware of the dangers of cybercrime and the options that they have available to them. There’s a perception that cybersecurity counter-measures are incredibly expensive, and therefore it’s better just to ignore the danger, put the head in the sand and hope not to be affected by cybercrime.

“There are ways to ensure that you and your business are taking appropriate measures without breaking the bank.”

Richardson has also expressed enthusiasm for HMRC’s plans to launch ‘Making Tax Digital’, whereby all landlords, businesses and self-employed people will be expected to pay their digital tax affairs via an online account and required to update HMRC on a quarterly basis.

This, as Richardson believes, is an opportunity to tighten cyber-security measures: “I’m a great believer in cloud computing improving security for SMEs, because cybersecurity becomes the responsibility of the software provider, which is in a better position to address those.

“Review any service-level agreements and security certifications. Bear in mind that a small business will have very little influence on negotiation on a large Software as a Service (SaaS) provider, but if you imagine how damaging a successful cyber-attack would be to a large SaaS provider, that offers some reassurance that they will be ensuring their systems are up-to-date.”

 

Richardson will be speaking at the UK200Group Annual Conference, held at the Ageas Bowl, Southampton, S030 3XH from November 16-18, 2016. The UK200Group is a UK-based membership association of quality-assured chartered accountancy and law firms, representing the interests of 150,000 SMEs through its members.