Our Head of Penetration Testing Services Zain Javed was among a number of experts on The Guardian’s Small Business Network online discussion panel last week.
The debate centred around the steps businesses should take to protect against cyber crime and whether firms should handle cyber security in-house or outsource it.
Quoted in a round-up of the discussion here today, Zain said: “Risk assessments help determine how small businesses might need to improve security. A visual report can highlight key areas of the business that, if targeted, can have a detrimental effect on the running of the company. A simple scenario could be the leaking of your supplier list or price list. Understanding the risk to your business is very important.”
Discussions also included the benefits of outsourcing, with James Lyne at Sophos saying: “If cyber security is not core to your business it is better to find someone who can do it for you and focus on what you do best. That said, in order to outsource something safely you need to understand it enough to know you have a good service and that the third party is trustworthy.”
The top three business risks leading to cyber crime were identified as insiders, malware and failure to back up your systems. Zain added that it is important for companies to protect against data/information leaks, which are happening more frequently through the increased use of social media.
Responding to a question about whether small business owners underestimate the threat of cyber crime, Zain said: “Most people don’t realise how sophisticated malware has become and cyber criminals are exploiting vulnerabilities to put businesses and their users at risk. You could be facing not just financial damage but also reputational damage. It is vital that a culture of cyber security is embedded into the work environment and actions are taken before rather than after.”
Retail is also one of the big targets for cyber criminals, Zain said, followed by manufacturing, information and professional services. He added: “Card details are really attractive but recently we have seen a big rise in the theft of intellectual property.”
Summing up, Zain said: “Small businesses are targeted mainly because they are small and, in most cases, unequipped to defend themselves. SMEs need to offer awareness training to their employees to reduce the risk of breaches and conduct tests on their systems at least once a year by cyber security professionals to safeguard their business and their users. Having good security practices can demonstrate to your customers that you are a responsible business.”
Mitigate provides a comprehensive range of penetration testing and consultancy services for SMEs, public sector organisations and larger corporates.