Is your business doing enough to secure itself online?27 Mar 2014
Richard Anning, Head of IT Faculty at ICAEW, offers tips on how to manage online security risks
With more and more business transacted online and an increasing amount of company information and knowledge stored digitally, the risks to online security have never been higher.
Figures from the 2013 BIS Information Breaches Survey showed that 93% of large organisations and 87% of small businesses had a security breach in the last year. Not a day goes by without another story of a major breach or attack hitting the headlines.
Lessons from the auditors
The good news is that businesses are becoming more aware of the issues and taking steps to address them (certainly at the top end). In the recent ICAEW Audit Insights: Cyber Security report, which summarised the insights of the six largest audit firms from their audit work with their clients, it was noted that boards are becoming more aware of the issue, albeit that in many cases it is being perceived as an IT issue rather than a business one. This was reflected in two roundtables ICAEW ran in 2013 looking at cyber security in the boardroom.
Other useful lessons from the Audit Insights report included:
- Businesses should consider cyber in everything that they do
- Businesses should work on the basis that they will be compromised
- They should take action to highlight and protect their critical information assets
- They should undertake basic cyber hygiene (which will reduce the likelihood of breach by 80%)
What about smaller businesses?
Smaller businesses are characterised by fewer or no IT staff, a general feeling that they are too busy running the business to spend time on cyber security and have little of interest to cyber criminals anyway. The main point to realise is that all businesses will have something of interest to a criminal and, as pointed out in the Audit Insights report, it is important to understand what that is and protect it. The IT Faculty has written a short guide to help small businesses understand the risks and how to overcome them (10 Steps to Cyber Security for the smaller firm).
Where to get further help
ICAEW cyber resource centre – with free advice and guidance created especially for members
cyberstreet.com – a new government help site that provides practice tips and hints from the smaller business and individuals
ICAEW is sponsor of the Sustainable Business Award, which was won by an SME in 2013 - London Bio Packaging – despite competition from finalists including Anglian Water, Veolia Environmental Services and Jewson. If you’re an SME that has embedded sustainable business practices to support long term growth, why not enter in 2014 to gain national recognition for your achievements.