Huffpost UK Tech uk
The Blog

Featuring fresh takes and real-time analysis from HuffPost's signature lineup of contributors

Mike Foreman Headshot

What Smaller Businesses Can Learn From the Staysure Hack

Posted: Updated:

Business owners generally accept that the security of their clients' private and confidential data is paramount and that they ought to have the best controls and protection they can afford if they are to keep themselves from being hacked.

After all, nearly everyone these days is transacting online on a regular basis as the record retail figures for the Christmas period have shown. Businesses of all sizes are aware of this and are opening themselves up to accepting and storing an ever increasing amount of credit card and personal data online including mobile payments.

And customers expect the convenience of a full multi-platform shopping experience which involves trusting suppliers to keep their information safely on file so that they don't have to enter it more than once even if they switch devices. In response to this demand retailers and services providers are storing that customer data on on-premise or on hosted databases that require nothing more than a simple password to access.

And the hackers know it.

Earlier this month it was reported that travel insurer Staysure had been hacked and that sensitive bank card details involving some 93,000 customers was thought to be at risk. What strikes me is this, if even a reasonable-sized company like Staysure isn't safe then smaller businesses are equally vulnerable, probably more so.

This is because small to medium sized businesses make up a large proportion of the types of enterprises targeted by criminals, taking just over 40% of all targeted attacks at a cost of around £4,000 per business. In fact cybercrime remains one of the greatest threats. Government figures calculate that it costs the country £27bn each year, with £21bn of that cost shouldered by business.

So what can you, the business owner, do to protect against this? Well to start with you could spend a couple of minutes to complete a free online business security health check and, if you have not done so already, make sure you take a few basic precautions including:-

Keep your security software updated - Don't be tempted to put it off till later. Most updates are improvements by a software company, patching up security threats and fixing bugs - if you don't update, you are creating vulnerabilities in your systems which could be utilised by hackers.

Never assume your workforce know anything about computer security - Take proactive steps to educate your staff about common scams and phishing techniques used by cybercriminals to trick their way into accessing your systems.

Use strong passwords - use passwords with a mix of upper case/lower case letters and numbers as well as two-factor authentication techniques to safeguard access to highly sensitive data. Also try to ensure access to it is restricted to a trusted few.

Protect ALL devices - It's one thing to have traditional anti-virus security for all networked devices and even encryption for your WiFi but the Bring Your Own Device (BYOD) trend has made keeping on top of this a little harder. Smartphones and tablets can be protected using a free security app like AVG's. Additionally ensure all laptops and home computers are covered by an approved security software package. Remember managing this does not have to be complicated and if you do not want to do it yourself why not retain the services of your local trusted IT provider to look after it for you.

Back up regularly - Always back up your files locally and use an online back-up service to be perfectly safe. In a recent study 75 percent of the 1,000 small businesses taking part said they relied on traditional automated local backup. Tellingly 64 percent of SMB owners in the US said they are suspicious of the cloud. Most (54%) do not even enforce a backup policy.

Have a disaster recovery plan - Most small businesses don't think it's necessary to create a plan for dealing with a data breach. But by creating a plan you can ensure your response to any potential breach will be well-thought out and hopefully the cost of repair and damage to reputation will be minimal.

It's the start of a brand new year and I wish everyone a prosperous 2014. No doubt there will be news of even more hacks of private information over the coming months. But we'll only hear about it when big companies get hit. For every big name hacked you can be sure the victims will also include thousands of smaller companies that will not make the national headlines. And unfortunately they will be the ones to be hit the hardest. That's why it's worth taking a few minutes out of your day to make sure you are not one of them.