Small business owners in the UK were issued a stark warning from the government in the summer of 2015: ‘Failure to protect your data will cost you.’
Following the publication of the Information Security Breaches Survey 2015, minister for the digital economy Ed Vaizey outlined that a major security breach for a small business in the UK could cost as much as £310,800.
Pre-empting an increase in the cost of security breaches (the cost to small businesses was £115,000 in 2014), the government published its Ten Steps to Cyber Security in 2014 as a way to help businesses stay safe online.
Following up this information, the government now believes that 49% of registered businesses in the UK are following these protocols.
However, with more than half still not abiding by some simple rules regarding data safety, there’s still work to do. In fact, according to First Data, 90% of security breaches impact small businesses. This means that all small business owners need to be extra vigilant when it comes to data security.
The plethora of information about cyber security can read like a minefield of confusing, conflicting and potentially inaccurate information. Fortunately, the government’s steps to cyber security are a great starting point for all start-ups.
Covering all the necessary areas, such as risk management, home and mobile working, managing user privileges and malware prevention, the guide should put everyone on the right path to cyber security.
Build a secure firewall
Picking out some of the more important points from the government’s list of recommendations, the issue of malware protection is one that stands out.
According to the British government, a firewall is a must: “Install firewalls on the host and gateway devices and configure them to deny traffic by default, allowing only connectivity associated with known white listed applications.”
Fortunately, web application firewalls (WAF) have become more accessible to the average business user (and individual) in recent years thanks to cloud-based technology. By screening HTML, SOAP, XML-RPC and HTTPS, WAFs offer a layer of protection that network firewalls simply can’t.
Through PCI-certified web application firewall suppliers, such as Imperva Incapsula’s enterprise-grade system, small businesses can protect their systems from XSS, SQL injections and buffer overflows without breaking the bank.
Because cloud-based WAFs offer instant access, 99.99% uptime and low maintenance fees, they’re now becoming a common solution for UK businesses.
In fact, according to research by Adapt, a managed cloud service provider, 92% of medium sized businesses in the UK use cloud services, with 57% citing cost saving as the primary driver for this switch.
Essentially, in order to stay in touch with the British government’s security guidelines, web application firewalls are now the sensible option for all businesses.
Watch out for internal threats
However, if you’re a small business owner then this is the end of the story. According to the government’s research, 30% of small businesses suffer ‘staff-related breaches’. Whether malicious or innocent, internal security breaches put small businesses at risk.
Education is often the simple solution to this problem for many business owners. Teaching members of staff how to protect themselves and their systems from external attacks can help reduce the number of data leaks.
When it comes to tackling malicious attacks, the government’s ten steps to cyber security proves invaluable again. Highlighting the concept of ‘least privilege‘, the document outlines ten key principles for privilege management, placing particular emphasis on the idea that most members of staff need the minimum of access to data as possible.
Don’t count the cost of breaches
The cost of data protection slip ups and security breaches is only set to increase in the coming years. Indeed, the risk to small businesses in financial terms more than doubled between 2014 and 2016.
Taking control of the situation and harnessing the power of experts providing firewall services and more is crucial if small businesses want to thrive in the current cyber threat landscape.