Don’t let your cyber security slide

The UK Government has recently issued the latest version of its cyber security breaches survey, and we’d like to talk about two of their findings today:

  1. Although the threat of a cyber attack hasn’t dropped, small organisations are identifying fewer cyber security breaches and attacks this year than they did last year.
  2. The proportion of micro businesses (those with fewer than 10 staff) who say that cyber security is a high priority for them has dropped from 80% last year to 68% this year.

Cyber security may, of course, be slipping down the list because smaller organisations are prioritising economic concerns, such as inflation and uncertainty. This is understandable, but it could create extra problems for a business, as a successful cyber attack can be costly. On average (for businesses of all sizes), the most disruptive cyber breach cost the business £1,100 last year.

Micro businesses make up 90% of the total number of UK businesses. That’s a lot of potential extra cyber risk across the country as the owners of those businesses turn their attention elsewhere.

If you have been distracted by other issues, this is a reminder to make sure that you have at least the basics of cyber security in place.


Putting the basics in place: cyber hygiene

The basics of good cyber security practice are known as ‘cyber hygiene’.

The survey points out that the proportion of organisations carrying out cyber hygiene activities has declined in recent years, particularly among micro businesses:

  • use of password policies (79% in 2021, vs. 70% in 2023)
  • use of network firewalls (78% in 2021, vs. 66% in 2023)
  • restricting admin rights (75% in 2021, vs. 67% in 2023)
  • policies to apply software security updates within 14 days (43% in 2021, vs. 31% in 2023).

As you can see, most organisations do have measures in place, but the numbers are dropping. If you’ve been distracted by other things, don’t forget to set time aside to bring your cyber hygiene back up to scratch.

Most cyber threats are relatively unsophisticated, so putting the basics in place (or back in place, if you have let things slide) will get you a long way towards protection. In line with the 80:20 rule, good cyber hygiene practices are definitely worth the effort to reduce your own risk of an attack.


Unsurprisingly, we recommend that you do the things that the survey says are becoming less common among small businesses:

  1. Set a policy requiring strong passwords. You can find some advice on passwords in our Foundations post on passwords.
  2. Make sure you have a firewall in place (and antivirus).
  3. Restrict admin rights. Even if your business consists of you and your laptop, don’t use the administrator password to do your day-to-day work. Set up a ‘user’ account, use that for your day-to-day needs (work, banking, email, etc.) and only use the admin account for system administration.
  4. Set a policy requiring that software updates are applied soon after they become available. This is known as patching, and we have a guide here.
  5. And then, most importantly, make sure that you and your staff follow your policies. Just having the document in place isn’t enough. Make sure your staff read and understand the policies, and check that they are being followed.

These key things should help you secure your business, but there is more you can do. Looking for a bit more help? Our blog posts contain lots more helpful tips for securing your small business, or you can contact us for a chat, either by calling us on 0113 733 6230 or by filling out our website form.