Pensar Blog

Strong cyber resilience: here’s what it looks like in a small business

Written by Mark Williams | 11 July 2017

Keeping IT productive with minimal downtime can sometimes feel like doing rounds with Mike Tyson - especially if you’re a small business with limited resources. Whether it’s a technology failure, human error or external threat - you fix one thing; then another comes at you.

Hackers and cyber criminals are the biggest (and most difficult to block) threats to small businesses in the digital economy. According to recent studies by The Federation of Small Businesses:

  • 66 percent of small businesses have been a victim of cybercrime at some point
  • On average, they’re subject to four incidents every two years
  • Cybercrime costs victims nearly £3,000 each time

But even the lucky ones aren’t so lucky. Businesses who haven’t yet experienced an incident are (like the rest of us) seeing new security threats and scares almost every week, while trying to prevent them. You dodge one punch; then you’re faced with some more. 

The cyber world is a tough one. But the key to survival is strong cyber resilience. You have to be able to stay competitive in the ring, recover quickly if you do get hit, and keep on track for the rest of the game. Here’s a quick-fire round of what you need to build and maintain resilience.

1. A proactive and agile IT strategy

Strong cyber resilience starts with a robust and proactive IT strategy. Being proactive today means having built-in agility to be prepared for change and uncertainty.

Word of advice: if threats have the potential to take down a whole business, then it stands to reason that your approach should be business-wide too. You need to think about technology and data management, but also about people and processes. Managers from all countries and departments should work together to ensure every base is covered. A lack of strategy is always risky, but having one is now essential - particularly with growth and expansion.

2. Reliable back-up and recovery systems

In your strategy, you should always include contingency and crisis plans. Because even with a solid path to security, off-the-chart incidents are occurring more and more frequently. An attack can catch anyone out, and modern threats that you aren’t prepared for will only end in disaster.

This is why back-up and recovery is the cornerstone of cyber resilience. In fact, it’s the main thing differentiating it from cyber security. If you experience unexpected disruption, you need to be able to bounce back and maintain business continuity and operational excellence, no matter how bad the situation is.

3. Top-notch knowledge of best practice

Aside from keeping software updated, you need to be up to date on best practices to be resilient. Not only does this give you peace of mind, but small businesses can also use high-level security to differentiate themselves. Why? Because 83 percent of customers seek trustworthiness more than anything today.

4. Awareness of emerging trends and threats

Understanding the wider world of tech is key to strong cyber resilience. It’s often hard for IT professionals and business managers to sift through the hype and tripe around cyber security. But done right - and combined with analytics - understanding trends can save your business and be your competitive advantage.

5. A cyber-conscious culture

This is the last and most crucial point, because it’s often overlooked. Proactivity around IT doesn’t stop at the C-suite. 52% of data breaches are caused by human error. And lack of awareness around security threats is a huge part of the recent major ransomware attacks like Petya and WannaCry. We need to build a cyber-conscious culture. And we need to do it now. 

Resilience: the key to business brilliance

There’s more than just a catchy rhyme in this. Aside from the snowball-effect of destruction caused by a negative IT incident, businesses merely having concerns over cyber security is enough to impede their innovation.

Although there’s no arguing about the barrage of threats heading everyone’s way, cyber resilience is an emerging response to this. And those who understand it and have the right measures in place will continue to thrive - even in difficult times.

Need some help?

If you need help putting these tips into action, and want to get confident about your cyber resilience, let us know! Here are just some of the IT services we offer at Pensar:

  • Cyber security awareness training. This simple one-hour online course is designed to get everyone across the company informed about security. Minimise your risk of issues from human error, and keep everyone alert about hacking attempts and other threats.
  • IT security assessment. This is an online questionnaire combined with a face-to-face discussion to analyse your security status. The output is a comprehensive profile of the strengths and vulnerabilities of your IT security which helps us determine the best course of action together. 
  • Help you get CyberEssentials certified. This is the Government-backed, best-practice security scheme. After we've got a holistic understanding of your business, we can help you on the way to being secure and resilient for the future.