Why digital security should be your firm’s biggest focus

Simon Bramble

Tuesday 6 September 2016

Sony Pictures, TalkTalk, Target, Adobe. Some of the biggest companies in the world; modern, relevant and successful. And yet, all have been subjected to high-profile data breaches. We tackle the issue in the first of our Securing your business series.

The attacks varied – in Sony Pictures’ case, confidential personal and corporate information was leaked; Adobe meanwhile had customer IDs and encrypted passwords exposed.

You may think companies like these are easy targets because of their sheer size and reputation. And you’d be right. But there’s no doubt that digital attackers are becoming far less discerning. The Information Security Breaches Survey 2015 found that 74 per cent of small to medium-sized enterprises (SMEs) reported a data security compromise in the previous year.

The report also found that the average cost to SMEs of the worst security breaches was anything from £75,000 (€89,477) to £310,800 (€370,784), and that 30 per cent of SMEs suffered breaches caused by their own staff.

Size is no longer important

The advent of cloud computing and remote working, coupled with increasingly sophisticated hacking techniques and malware, has meant that no target is too small. An online order placed with your store for just a few pounds may seem insignificant, but to a determined hacker it could be the backdoor to information you share with much larger clients.

There are other reasons why SMEs are becoming more vulnerable to information theft. Attackers realise that security is often pushed to the bottom of the to-do list amid the day-to-day stresses of running a small business. They know that you and your staff may work remotely, over unsecured public Wi-Fi networks. And they’ve figured out that as your business grows, so the data you store increases – and that, with no dedicated legal team, you may be neglecting some of the safeguards that go with that storage.

Understanding the threat

Attacks, breaches and exploits can take many forms. Knowing what to look for should be the first step to shoring up your digital security.

  • Hack attacks: Software vulnerabilities are targeted by hackers to force entry to a company’s network, allowing them to explore information trees with almost complete freedom. Personal data, including credit card information, PINs and passwords, is often the target.
  • Distributed Denial of Service (DDoS) attacks: Vast amounts of data are directed at a company’s servers to overwhelm and bring down any online channels.
  • Ransomware: A phishing email plants malicious software on a host device or server, and that software encrypts all of the data on it – or worse, across the entire network. The decryption key is only delivered on receipt of a ransom payment.
  • Human error: Whether it’s misplaced laptops or wrongly distributed information, employees are often the loosest bricks in a firm’s security wall.

Yet despite businesses of all sizes being caught in the crosshairs, it’s easier for SMEs to fortify themselves. “A big company is more vulnerable than a small company: they have big data pools and hundreds of people have to have access,” said Richard Horne, a partner at PricewaterhouseCoopers, in a roundtable with The Guardian.

“If you are at the smaller end of the scale, being smart about business processes and understanding where those business processes might be exploited is easier than for a large organisation.”

Next month, and as part of the Securing your business series, Think Progress will be examining whether the password is still the best way to secure sensitive information.

