If you are looking to take your small business to the next level, cyber security should be one of your primary concerns. A business with an online presence that doesn’t know how to protect itself is immediately at risk and that’s a major turn-off for investors.
In fact, if you’re looking to scale up your business by securing backing from an established network of investors, you need to understand online security now more than ever. As outlined by the Council of Institutional Investors (CII) back in 2016, cyber security is the first thing financial backers should – and will – now be assessing in both potential and existing investments.
Why is communication a vital tool for cyber security?
Without understanding a risk, it’s impossible to prevent it.
What would happen if a member of the admin team didn’t have a basic understanding of cyber security best practices? They would be susceptible to falling for a phishing scam, not only exposing themselves but possibly giving cyber criminals access to the entire company.
The other consequence is that they may not be able to explain the problem or how it occurred to the security team. The end result is a security expert having to spend more time on the issue – or even facing a bigger issue – than they would have if the employee had been able to effectively assess the risk and communicate the problem.
With the average IT data breach now costing $158 (£128) per lost/stolen record, according to a 2016 IBM Security Report, investors will be keen to protect any investment they make by prioritising cyber security. As a small business, this sort of financial hit could easily wipe out your annual profits. Even if a hacker was only able to obtain the data files of 300 customers, the stats suggest that would cost £38,400.
When you factor in the financial costs of security breaches and the new focus of investors, it becomes apparent that it’s in the best interests of any company to secure itself from the bottom up, which means having educated employees as the first line of defence.
Investors Want Clearly Communicated Security Policies
As detailed in Prioritizing Cybersecurity by the CII, investors will now be asking board members five important questions related to security. The first and, arguably, most important question from the paper is:
“How are the company’s cyber risks communicated to the board, by whom, and with what frequency?”
Here we can see that investors will consider what systems a company has in place to secure itself. If a company doesn’t have an effective chain of communication, any secure hardware or software is rendered virtually useless. For a company to have a secure system for combatting cyber risks, it must have people dealing with the day-to-day threats and communicating them to managers, who can then transfer this information throughout the business, both to members of staff and board members.
Investors will also be looking at which member of staff in the company is responsible for security, how well they communicate risks, and how well everyone in the company understands these risks. If a company hasn’t addressed these sorts of queries, it may be seen as a risky investment.
In an article outlining ways to create an effective data security communication plan, CSO Online writer Larry Ponemon suggests ongoing education through a combination of seminars and online training modules is the way forward. Additionally, equipping company property with preinstalled data security toolkits can help mitigate certain risks and fill in gaps where a user might not be educated about a particular risk.
Without Education and Communication, You’ll Lose
When you realise that cyber security isn’t just about technological defences but effective communication, you start to see the importance of having trained staff in your network. People are the integral links in the chain of communication and without well-informed staff and an efficient system in place, a company isn’t adequately equipped to deal with cyber risks.
Supporting this idea, we can look towards The Hiscox guide to Cyber Security. This guide to cyber readiness points out that there are three areas a business should focus on in order to protect itself: Security, Prevention and Insurance. Although the first area involves the physical resources intended to protect a company’s network and data, the “prevention” category focuses largely on knowledge and the human factor. One of the questions asked within this section is: “are your staff clued up on cyber security?”
For a business owner, cybercrime prevention is crucial for both business security and investment opportunity, and a large part of this is making sure staff know what they should avoid, who they should communicate with about any issues or concerns, and how to approach security risks.
Only a company with skilled staff and an identifiable chain of communication is worth investing in. So, if you’re not working to educate your staff about cyber security, now is the time – your funding could depend on it.