According to the Cyber Security Breaches Survey 2018 published by the UK’s Department for Digital, Culture, Media and Sport, in which 1,519 UK businesses were surveyed, three-quarters of businesses (74%) say that cyber security is a “high priority for their organisation’s senior management”.
And yet in the same research, more than a third (33%) stated that they have no plans to invest in improving cyber security.
With almost half of UK SMBs experiencing a cyber attack in the last year, data security and encryption are no longer a nice to have but a business essential. With 98% of businesses relying on some form of online communication, having a solution in place to encrypt and protect data in transit is fundamental.
One of the main reasons why online encryption is falling behind in business priorities for SMBs is the misconception that their data won’t be hacked – after all, the cyber criminals are just after the big fish, right?
According to data compiled by insurance company Zurich, 875,000 SMBs across the UK were affected by a cyber attack in 2017, with London firms worst affected. If you’re a small or medium-sized enterprise, there’s around a one in two chance that you’ll experience a cyber security breach, says the UK’s National Cyber Security Centre (NCSC).
SMBs are easy targets for cyber criminals – purely because many of them believe that they won’t be targeted and therefore do not invest in online encryption. Employees brazenly use unsecure networks and work remotely without actively considering the consequences of open data communications and what it means for data security.
This attitude of complacency is prevalent throughout SMBs, and has had a crippling effect on the adoption and implementation of data security and encryption solutions in SMBs.
2. Security technology is overwhelming
Unlike large businesses, most SMBs don’t have a dedicated IT department to manage their online security, and as such, the responsibility falls to the in-house IT administrator or business owner.
Technology has always been a challenge for SMBs – and when it comes to data security and encryption, most solutions need to be modified to meet business needs. Consumer-grade VPN solutions, for example, require additional configuration and components to deliver the necessary functions, whilst enterprise-grade solutions are far too costly and complex to set up.
Furthermore, as employees bring their own devices and connect to the business’ secure network, SMBs need to deploy and manage more than one security solution.
As a result, the in-house IT administrator or business owner acquires the most affordable solution and retrofits it to meet the business’ needs. The business owner and/or in-house IT administrator puts off updating the software/technology as long as possible – it simply takes too long and devastates business productivity.
3. Not enough advice or support
According to John Unsworth, chief executive of the London Digital Security Centre (DSC), small businesses not only need information, but also help and support to tackle cyber crime and implement effective cyber security. “Information is good, but action is better,” he says, ultimately, there’s a lot of information around cyber security but businesses want advice on how best to implement a strategy and make use of that information.
Indeed, in the Cyber Security Breaches Survey 2018, it’s highlighted that 59% of businesses have sought information, advice and guidance in the last 12 months on the cyber security threats they face.
Clearly, businesses are aware of the importance of encryption – but the limited information and best practice advice online has made it incredibly difficult for them to develop an effective strategy.
4. No ongoing cyber security training
Perhaps most detrimental of all is the lack of ongoing online security training. Cyber threats are evolving at an unprecedented rate and to combat these threats employees must be up to date with the latest changes and developments.
Of course, for SMBs with limited capital and resource, sending employees to training sessions or conferences is not always an option. However, if employees have no knowledge or appreciation of online threats and the risks they pose to the business, they will continue to use unsecured connections, personal devices, and weak passwords… all of which leaves the business vulnerable.
On the other hand, for some SMBs it’s not a matter of cyber security being low down on the list of business priorities, but more down to the fact they are unsure of how to proceed.
As more and more business communication is done through online/digital channels, and more and more employees work remotely, businesses must have a solution in place to keep communications private and secure, particularly across unsecure networks.
Cyber attacks will continue to evolve and become more complex, and therefore employees must be not only aware of the importance of online encryption, but also up to date with the latest trends and developments so they know how best to respond.
Privatise Online Encryption can provide the robust data security and encryption that SMBs need. As a built-for-business VPN solution, Privatise comes equipped with all the necessary functions that SMBs need to ensure employee devices and communications are protected and secure across unsecure networks.
In this eBook we explain why small businesses need to take security seriously and address the very real challenges associated with deploying and managing the complex, multi-tiered security models required to safeguard businesses.
Privatise’s business VPN solution is the first internet privacy protection tool developed specifically to meet the practical needs of small and medium businesses.