Staff vigilance is vital in the prevention of cyber attacks, according to new research from the Department for Digital, Culture, Media and Sport (DCMS) and National Cyber Security Centre (NCSC).
In nearly three-fifths (57%) of businesses experiencing recent cyber attacks, the most disruptive was reported directly by staff, rather than picked up automatically by software. As a result, Government is calling for more staff to be empowered by employers to become ‘cyber security champions’ and equip them with the skills to spot and prevent a cyber attack.
Having an individual whose job role includes cyber security is directly linked to a faster response. However, research shows that only 35% of businesses have staff whose job role includes internet security or governance, despite two thirds (68%) saying cyber security is a high priority.
Upcoming research from DCMS, as part of the cross-government Cyber Aware campaign, found that many businesses (38%) believe only staff responsible for IT can protect an organisation from a cyber attack. However all staff can play a role in protecting the business and Government guidance is on offer to help. SMEs are being encouraged to implement a #CyberSpringClean ahead of the new financial year to ensure their workforce is able to raise the alarm and help prevent a cyber attack. The Small Business Guide sets out the quick and practical steps staff can take.
Cyber attacks on small businesses cost an average of nearly £900 – including everything from staff being prevented in carrying out work, to lost revenue if customers could not access online services. Research also shows that 42% of micro/small businesses experienced a cyber attack in the last 12 months.
Clare Gardiner, Director of Engagement, NCSC commented: “Identifying a ‘cyber security champion’ in your company is a great way to help avoid a damaging cyber attack or data breach on your business. They don’t need to be a technical expert as we offer some great free advice in the Small Business Guide. It is important to pick the right person – for example someone who is good at motivating staff – and give them the tools and support to raise awareness and implement good cyber security measures. We’re encouraging all small businesses to use the new financial year to have a #CyberSpringClean and get staff involved with protecting the business against hackers.”
The Cyber Aware campaign is encouraging small businesses to #CyberSpringClean by implementing advice from the Cyber Security Small Business Guide across their organisation. The Small Business Guide encourages SMEs to be cyber secure with five quick, practical, and cost-effective steps to significantly reduce the risk of becoming a victim of cyber crime:
- Back up your data: Make regular backups of your important data, and test they can be restored
- Install the latest software and app updates on all devices: Installing the latest software and app updates helps protect your devices from viruses and hackers as they contain vital security updates
- Keep your devices safe: Switch on password protection for your smartphones and tablets. Use a suitable complex PIN or password which can’t be easily guessed
- Use strong passwords to protect data: Use “two-factor authentication” for ‘important’ accounts. Avoid using predictable passwords
- Avoiding phishing attacks: Scammers send fake emails to thousands of businesses trying to trick you out of sensitive information like bank details. Use our advice to check for the obvious signs of phishing.
This advice can help an individual in a business navigate simple steps to improve cyber security and can be low cost or no cost for the business at all.
Earlier this month, the Cyber Governance Health Check report found that Boards at some of the UK’s biggest companies (FTSE 350) still don’t fully understand the potential impact of a cyber attack and called on them to do more. SMEs are encouraged to follow suit due to a mere 30% having Board members or Trustees with responsibility for cyber security, and only 20% of businesses have had staff recently attend internal or external cyber security training.
Digital Minister Margot James said: “The UK is home to millions of successful small businesses, but we know that protecting against cyber attacks is not always at the top of their list of things to do. That’s why we want to make it as easy as possible for companies to benefit from being online and to do so safely.
“We are working closely with the National Cyber Security Centre to promote the practical steps firms can take, and I would urge all SMEs to download our free Small Business Guide to help make sure that they don’t fall victim to cyber attacks.”
The #CyberSpringClean aims to help rally SMEs to consider their cyber security provisions ahead of the start of the new financial year, and to approach cyber security with confidence in 2019.