Article written in partnership with Nortal, by Bruce Keeble, Head of Cyber Security Consulting.
Small to medium businesses (SMBs) are experiencing an increase in the costs of IT services. These services are often outsourced or overseen internally by an individual or small team that is responsible for safeguarding the ‘digital estate’ of the business, and its cyber security.
SMBs continue to encounter increased cyber risk and an increased frequency of cyber-attacks. Threat actors and cyber criminals sometimes target SMBs that are linked together as part of a supply chain. Their motives include financial gain, disruption, extortion, obtaining intellectual property, or simply observing business interactions.
Bruce Keeble, Head of Cyber Security Consulting at Nortal, highlights that the Board and major stakeholders have a holistic view of how the business can be safeguarded against these cyber issues:
- Having a strategy in place and prioritising each layer appropriately; immediate, short, mid and long term
- Maintaining a consistent level of forensic hygiene checks on a regular basis
- Ensuring the people, technology and processes are all aligned, can identify the thresholds, and understand the potential risk to the business of not making efforts to mitigate threats and risks.
This is where digital and cyber resilience comes into play, in conjunction with a fit-for-purpose Cyber insurance package that provides adequate cover to reduce the costs associated with responding to, containing and reporting a cyber incident (such as the legal obligation to inform the regulators).
What should SMBs consider implementing to help their digital and cyber resilience?
Listed below are the potential steps an SMB can consider and deploy (in no specific order):
- Regular cyber security focused training and awareness of the range of social engineering techniques or platforms that threat actors may use (examples: emails, text messages, phone calls, instant messaging)
- Regular installation of security patches, with a variety of system logs enabled
- Limiting user permissions and controls
- Having an incident response, business continuity, and disaster recovery plan with a monitoring tool (endpoint detection and response capability)
- Including an incident response retainer that incorporates a proactive and independent review of your environment, but also permits support if a cyber security incident occurs, including threat intelligence to identify whether there are leaked user and account credentials that may have been compromised and offered for sale in criminal forums
- Hardening security configurations of systems, applications, and cloud services. Cloud services are not a magic bullet for cyber security; they require configuration and enforcement of role-based access and security controls, in addition to securing security mechanisms such as Multi-Factor Authentication (MFA) across the estate; and
- Backup of data (including offsite backups and separate storage), while ensuring you practise and check that the data backed up can be fully restored, and that you know how long this could take in practice. Encryption of data is essential.
It is highly recommended that SMBs and their employees have a digital and cyber resilience strategy to support the forensic level of hygiene necessary to operate in the digital and cyber domain. To support the approach, SMBs must have a strategy that has been practised and know how to implement it.
Not having the fundamentals to reduce or mitigate a potential business interruption or cyber-related scenario, irrespective of the size, could mean the difference between the business containing the situation and recovering swiftly, and longer-lasting damage directly to the business and its employees that impacts a successful recovery.
Coupled with a robust plan to respond to any loss or interruption, every business should consider a Cyber and/or Crime insurance policy, which will not only provide indemnity for any costs incurred, lost revenue or liability to third parties, but also access to a suite of expert breach responders who can help get the business back up and running and crucially avoid any lasting reputational harm.
Speak with one of our experts to access a complimentary cyber vulnerability assessment report and to obtain a cyber quotation here.
If you’re not sure where to start when it comes to your cyber security strategy, or you would like a second opinion to ensure your data is as protected as possible, we offer a complimentary ‘KYND’ report, which will put you in contact with an expert team that will be happy to assess your risk.
Likewise, if you are interested in understanding how a Cyber policy could help protect your business and complement your business continuity planning, please speak to a member of the Specialist Risk Insurance Solutions team here.
Nortal is a strategic digital transformation partner for leading companies and governments around the world. With more than 20 years of experience in the public sector, healthcare, and enterprise, they deliver value – at scale and with speed – to shape a better future. Find out more about Nortal here.