The Big Red Cloud has conducted a national survey which highlights that 40% of Irish SMEs have been the victim of a cyber attack.

Data protection was "seen to be a major issue for many firms"; however, 33% of firms surveyed said that they were having difficulty dealing with it.

Data and its protection is something SMEs must take seriously, or it will affect not only the firm's reputation but also its bottom line. With the introduction of increased sanctions under the General Data Protection Regulation (GDPR) (up to €20m or 4% of global turnover) for certain offences, it is simply an area of law you cannot ignore. For further information on the changes implemented by the GDPR, please refer to this article by my colleague Linda Hynes.

Is your firm prepared for a cyber attack? In truth, my eyes have been opened in recent months as our firm is undergoing the ISO 27001 certification process relating to the security of information we hold. Smaller SMEs do not need to go to the extent of formal certification, but there are some easy steps you can take to tackle the cyber crime offensive.

In assessing whether your organisation would withstand a cyber attack, you should consider a layered approach:

  • Education:
    • educate staff and customers on the risks and how to identify a breach;
    • develop internal policies and procedures to account for the risks;
  • Preventative measures:
    • update your security software;
    • encrypt and password protect employee work stations;
    • consider where and when your employees and customers would be at risk from an attack - is data accessible from unsecured locations on unsecured devices?
  • Website Protection:
    • implement a unique login system for external portals where client data is held or accessible;
    • use a two-factor identification process to minimise the chances of a data breach;
    • prepare for and consider the consequences of a security exploit such as a phishing attack, trojans, viruses or a keylogger attack on your business;
    • back up your systems;
    • ensure your systems can be shut down efficiently and effectively as part of your disaster recovery plan;
  • Data Analytics and Back Office Monitoring:
    • analyse customer activity;
    • consider how you would be notified if a breach actually occurred;
    • carry out regular internal and external security audits;
  • Behaviour:
    • focus on cybercrime prevention and data protection from the top down; and
    • update management on security audits and perceived cybercrime risks. The prevention and reporting mentality is less likely to be seen at lower levels in the organisational structure unless management take the lead.