As a small business owner, keeping your customer data safe and protecting your business from online cyber threats has never been so important.
With GDPR bringing data security to the forefront of everyone’s minds and small businesses being subject to almost 10,000 cyber-attacks a day, it’s an area which is just as important as sales and product delivery when running a business.
On 21st April 2020 at 11am (BST), we hosted a webinar in partnership with the trusted standard in data protection, iCaaS, featuring a panel of GDPR and cyber security experts. To provide a little more insight into what we discussed, we asked our panel to share their experiences and top tips.
Thank you to everyone who attended our webinar. If you didn’t get a chance to join us, you can access the full recording here.
1. How are the likes of GDPR and cyber-attacks changing the way small businesses run and operate?
“From what I’ve seen, GDPR has raised awareness with business owners to increase their investment in cyber defence, but I still don’t believe enough is being invested,” Joseph Garbett (Managing Director of OxSec and ethical hacker) told us.
He continued: “From an attack perspective, there’s still a lot of automated attacks going on through free online software. People are still falling victim to these so, if we can protect and stop the automated attacks, the only avenue is a targeted attack which is very different.”
Cath Goulding (CISO at Nominet) added: “Governments are using regulation to make businesses take cyber security more seriously and be responsible for their customers’ data.”
Nicola Hartland (CEO and Co-Founder of iCaaS) went on to explain: “Before stricter data protection regulation, small businesses were generally relaxed with their data compliance policies.
With the introduction of regulation such as GDPR, there is an obligation for small businesses to be actively compliant, so there has been a shift in process and documentation for all businesses, let alone small ones.”
Our expert panel explained that there has been a shift from guidance to regulation, which has started a change of behaviour in businesses. For smaller business owners, this can bring a degree of uncertainty, as it is something that many simply didn’t consider before.
2. Can you provide an example of a cyber-security breach you have experienced yourself?
Cyber security or data breaches come in many shapes and sizes. Nicola Hartland told us about an unusual data breach which had significant consequences: “A small business entered into a contractual agreement and the other party, despite signing, pulled out of the agreement. The small business in question then pursued legal action and performed a subject access request to build their legal case.
The other party, thinking they were doing the right thing, sent ALL email correspondence they had between the two parties which crucially included third party data. This triggered a data breach and was reported to the ICO.”
Do you, as a consumer, know if you’ve been subject to a data breach? Joseph Garbett shared a great top tip: “You can simply paste your email address into haveibeenpwned.com and you can see what breaches you’ve been subject to. And that’s available to everyone to search anyone!”
3. Why is it so important for small businesses to keep on top of cyber-security threats and remain GDPR compliant?
Our expert panel shared some grave news about the implications of not remaining compliant. Nicola Hartland exclaimed: “The ICO have been known to investigate all sizes of business, from large corporates to local businesses and if you aren’t compliant you could be subject to financial penalties. No small business owner wants unexpected costs, especially fines!”
Cath Goulding reiterated her point: “If you don’t, it could ruin your business.”
Joseph Garbett: “If you are a victim of an attack and the consequence was your customers fell victim to a scam, your business will suffer and you’re likely to struggle both financially and emotionally (yes emotionally, a side people often forget!).
An analogy I like to use to describe why it’s important to keep on top of your cyber security is this:
You leave your home, day-in, day-out (provided we’re not in lockdown!). You know that because your front door is locked, you’ve deterred opportunistic thieves and that should someone attempt to break in, they’re probably a pro or have targeted you. But in your mind, this is unlikely because you’re a nice person. Your routine is to open door, close door, put key in lock, turn key, then walk away.
One day, you get distracted (a phone call maybe as you’re leaving, a very likely thing to happen) and you leave the front door of your home unlocked and your new laptop gets stolen.
This is complacency at its finest – you don’t check to see if your door is locked (that simple handle test). It takes all of one second to do but most people don’t do it. Now the question is what percentage of people do you think would start checking their door after they suffered a burglary?
Answer: All of them.
We need to get people to that second state (to check their door handles) now, before they’re burgled.
To translate into cyber security terms, we need people to review security, privacy and configuration settings, along with password policies before they fall victim to an attack, even if they assume the default setup is correct!”
4. What is your top tip for keeping a business secure and compliant?
Joseph Garbett: “If I could only say 10 words or less on this webinar, it would be: Don’t use the same password more than once anywhere online.”
Nicola Hartland: “Well apart from using iCaaS (I would say that!), make sure you have fully read all regulations on the ICO website – if you don’t know the regulation how can you remain compliant?”
Cath Goulding: “Keep secure by creating and using strong passwords and keep compliant by managing your data correctly.”