Firstly, it’s important to understand what cyber security is.
The key principle of cyber or information security is to protect the confidentiality, integrity and availability of sensitive or critical data.
Do I even have any critical data?
Critical data is normally proprietary data, or regulatory data such as customer personal information, healthcare or financial records, payment card data, etc.
So, for a retail store, we look at customer records, payment information and personal information, and at how that data flows from the customer into use within the business. Any special recipes or algorithms that set the business apart from the competition are also deemed critical data.
OK, so I have some critical data in my business – how do I determine if it is at risk?
Assets + vulnerability + threat = risk.
In order to measure the risk, we look at likelihood and impact and that helps us prioritise.
Think of it as protecting your car. The asset is your car, the vulnerability might be an open window or a door with a weak lock, and the threat might be Mr. Burglar, who has been around the neighbourhood. Putting that all together with likelihood and impact creates your risk score. It’s exactly the same with cyber security, but we are looking at your digital assets and where they are at rest, in motion and in use.
Data is fluid and, just like your car when you drive it, it moves around. It might be secure in one area, but if it gets emailed or put on a USB, then we can’t control it and the risk becomes much greater.
I think I get it, but surely this is down to IT, and I have a firewall, so I think I’m OK.
The short answer is no, you are not! The long answer is that it is about more than just technology. The full scope looks at people, process and technology. If there were no staff, it would often be very easy to secure the data; however, once the data is in use (in an application, or other), that is where the risk increases. The #1 risk is phishing, where the targets are your staff, and it’s more about social engineering than breaking into the server, application or firewall.
I am only an SMB. Don’t the hackers just go after the big guys?
Yes, we have all heard about Honda, EasyJet, Toll Group and Lion in the news. Hackers target businesses of all sizes, but we only really hear about the larger breaches (they make great news stories!). The larger firms might see a more sophisticated attack, while the smaller firms might see an attack that’s been around for a while but that they haven’t taken steps to protect against. Many times, a small business might not know the threats, what its own internal vulnerabilities are, or the collective picture of risk.
Attacks on SMBs are on the rise, but 87% of SMBs believe they are safe from an attack because they have antivirus software. This is a big concern.
The average cost of cyber-crime to Australian businesses is $276k.
It takes between 23 and 51 days to resolve an attack.
$29 billion is the estimated cost of cyber-crime to Australian businesses regardless of size.
I have read your article and I am still not convinced that my business is at risk. What can I do to find out that isn’t going to cost me an arm and a leg?
Great point, which is why you need to have a vulnerability scan done on your business to start identifying your risk. The scan is done from the outside and provides you with a report of external-facing vulnerabilities (email, websites, etc.).
If this article has you curious or concerned about your business’s cyber vulnerabilities, then click HERE to have someone email you with next steps to secure your scan.