According to ThreatMetrix, the UK is now the top target for cyber-criminal activity globally.
To many this comes as no surprise, following a spate of high-profile security failures from large multinational firms and the phishing e-mails that we are all so used to. The threat of stolen property, bad publicity and corporate embarrassment is something that UK companies are increasingly aware of, and cyber security concerns now stretch much further than IT departments.
Avoiding cyber-crime is now on the agenda of finance teams, physical security teams, legal and compliance teams, sales and marketing teams, customer services and human resources. Everyone has a stake in ensuring their business is safe from cyber threats.
Whilst large multinationals have been allocating truly monumental budgets to combat these very real and increasingly sophisticated threats, smaller SMEs are likely to find it much harder to build and audit robust systems, especially as they more often than not link to so many external third-party service providers (payroll, HR, marketing, etc.).
For a cyber-criminal looking to profit from the poor cyber practices of UK businesses and individuals, it is like a burglar stumbling on a street where all the street lights are out, the doors of the houses are wide open and there is a sign up saying that everyone has gone on holiday and won’t be back for a month.
So is there anything we can do?
Well, if you can afford a cyber security audit, that would be a great start, but it is important to make sure that all departments are on board, as there is no point paying for an audit if the rest of the organisation won’t implement the recommendations! The UK Government has been aware of this growing threat for some time, and back in 2012 it published its “10 steps to Cyber Security” and subsequently the “Small Businesses: what you need to know about cyber security” guidance. Then in April 2014 the government launched the Cyber Essentials Kite mark scheme. Organisations can gain one of two new Cyber Essentials badges: either the standard badge or, if the organisation meets additional security criteria, the “Plus” badge.
As well as undergoing their own cyber audit, companies should be asking any external service providers they link with whether they have undergone a cyber security audit and which level of Cyber Essentials badge they hold.
From a legal point of view, the security of employee data is very much a company's responsibility. The EB Partnership recommends the BORIS benefits platform from Benefits Communication Ltd, which has gained a Cyber Essentials Plus accreditation, one of only 139 companies in the UK to have achieved this standard (as of 12/11/2015). If you use a communication portal for your employees, make sure it is secure, and have a look at what BORIS could add to your benefit communication strategy.