One in ten small businesses in the UK have experienced a data hack. Hiscox research also revealed that 90% don’t have a cyber crime insurance policy in place to protect them against the financial, business interruption and legal costs they would incur should they be struck by cyber crime.
While four in ten (41%) SME owners are concerned about their computer systems being hacked, only 25% are very confident about the security measures their company has in place to protect against these risks.
The research also shows that small business owners are more concerned about risks relating to cyber crime, such as being hacked (39%) or phishing (36%), than they are of physical items (laptops, customer paperwork) being stolen from the office (31%).
Hiscox SME insurance expert, Alan Thomas, comments: “Cyber crime is costing the UK economy around £11bn a year and while the media is reporting a growing number of high profile data breaches, some small businesses may also be a popular target for hackers because their systems are usually easier to get into and the breach may not be found out for a good few weeks.”
“We know that cyber crime insurance policies might be the last thing on an entrepreneurs’ mind when they are trying to drive their business forward on a day to day basis, but it is worrying that over one in ten (13%) of these businesses don’t know what security measures they have in place and if they are protected from online crime”, Thomas says. “It is increasingly important for small companies to evaluate all the risks their businesses face, both online and offline, and include their IT security and protection requirements in the overall contingency strategy.”
Hiscox offers the following security tips to help SMEs protect themselves against online risks:
- Running an enterprise is a full-time activity and if you do not have online technical expertise seeking professional advice on security can save you time and hassle in the long run by ensuring the security measures cover your business needs
- Protect information with an internal “need-to-know’ policy. If storing information on a central file server, manage who has access to these files. This can help prevent accidental or deliberate data loss
- Encrypt important information for extra security so that only authorised users will be able to access it
- Using the internet and email to conduct business means that data loss becomes a bigger risk. Develop a clear email policy and raise online security awareness with employees and follow up on suspicious emails even if they’re a one off
- Make it protocol across the business for employees to use numbers and letters in passwords that provide much more robust protection from online criminals, if you are handling client data, you will need to ensure you possess a professional indemnity insurance policy.
- Back up your files and check your insurance cover so that you can get your business up and running again quickly in the event of an incident
- Items like laptops and computer monitors are common targets for thieves and the real cost of a stolen IT asset isn’t just the hardware; it’s the lost data and the lost productivity. Lock servers in a room and move laptops into a secure drawer at the end of a working day.