Cyber risks are real and serious, so smaller businesses need to understand and manage them. BSI’s Little Book of Cyber Security can help
In the past year, 39% of businesses reported cyber security breaches, with the average cost of a breach put at £8,460.[1] In addition, there can be hidden costs to cyber security breaches that are hard to quantify, including the loss of potential business that may follow them.
If you run one of the UK’s small and medium-sized enterprises (SMEs) – which make up over 99% of the country’s 5.6 million businesses[2] – you may also be seen as a soft target by cyber criminals, who will assume you lack the resources and defences of larger organizations. This leaves SME leaders grappling with the urgent and critical challenge of implementing an effective cyber security strategy.
Thankfully, help is at hand. BSI’s recently published Little Book of Cyber Security is a short, straightforward guide to get you started.
The book begins by defining cyber security as “the preservation and protection of the privacy, integrity and accessibility of data”, with the aim of minimizing the occurrence and impact of information security incidents and sustaining business continuity and performance. Cyber security is achieved through the application and management of appropriate controls in response to a wide range of potential threats.
Cyber security may not be at the forefront of the day-to-day running of your business – or it may feel too complex an issue to tackle – but the book explains that it doesn’t need to be time-consuming or complicated. The first decisive step is to understand what is at stake and why cyber security matters. While SMEs tend to have simpler data-handling processes than larger organizations, this does not make them any less vulnerable to the impact of a breach, or any less liable should they fail to meet regulatory requirements.
The most obvious cyber risk is a data breach that leads to the loss of confidential or sensitive information. Such a breach can result from either a malicious attack – 83% of breaches result from phishing[3] – or because of accidental or unauthorized sharing of data. For small firms, the financial and commercial costs of such a breach can be crippling.
Then there is the challenge of complying with legal obligations – notably the UK General Data Protection Regulation (GDPR) – which protect the public and ensure that individuals can retain control over how their data is used. Data protection violations can result in severe fines being levied against offending organizations, as well as penalties for individuals, usually senior executives, found to have personal liability.
The Little Book of Cyber Security points out that cyber security is not just about managing risks, but also grasping opportunity. In fact, looking after the cyber security of your business can give you a distinct advantage over your competitors, particularly if you’re working with larger organizations that apply stringent rules when choosing their suppliers and business partners. And having easy-to-follow cyber security procedures in place will empower your people to work safely and confidently.
Standards can play a key supporting role by helping you develop and improve your cyber security practices. In particular, the book highlights how the ISO/IEC 27000 series of information security management standards – led by internationally recognized ISO/IEC 27001 – offers a simple path to best practice that can be tailored to any SME’s needs. Then there is the business continuity management standard BS EN ISO 22301, which can help minimize disruption to your business if a cyber security problem arises.
Applying cyber security standards involves assessing the risks you face and the benefits you can gain from improving your systems. For example, you’ll need to consider the right level of controls to be applied to different groups of employees, including remote workers, to ensure that data is protected while also giving them hassle-free access to it. Standards help by providing a reliable, consistent framework for such controls.
As well as putting robust security measures in place, ensuring regulatory compliance can seem onerous for an SME, requiring tasks such as completing a data audit and educating employees that cyber security is the responsibility of everyone in your organization – not just IT specialists. By following the best practice that standards promote, you can make the process straightforward, ensure your approach is up to date, and protect your organization and your people from harmful outcomes.
As an SME, the means exist for you to focus on cyber security and stay safe as you grow. Through standards, you can protect yourself against cyber risks, enable more efficient ways of working, enhance customers’ trust, and open up new opportunities. It all leads to improved business performance and organizational resilience.
The Little Book of Cyber Security shows you how to kick-start this vital journey right now.
[1] Source: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021/cyber-security-breaches-survey-2021
[2] Source: https://www.gov.uk/government/statistics/business-population-estimates-2021/business-population-estimates-for-the-uk-and-regions-2021-statistical-release-html
[3] Source: as 1 above.