Historically, IT grew as a responsibility of the finance function, largely because most of the early programmes were focused on providing and processing financial information. While major corporations now see IT as a separate function in its own right with a seat at the Board table, in many SMEs it still reports to the finance director.
Most finance directors are not IT experts. This may be fine for day-to-day operations, where the task is to ensure the systems are appropriate, properly set up and able to adapt as the business develops. The work can be commissioned and periodically reviewed. Cyber security, though, is a very different matter.
Here the threat is ever-present, unpredictable, constantly evolving and does not work to pre-planned timetables. The one thing you cannot do, if IT – and hence cyber security – falls within your remit, is to fit it and forget it. You need to have it on your mind on a very regular basis.
The trouble is, many SMEs simply don’t appreciate that they may genuinely be at risk. According to the February 2018 government publication “Switching the public and small businesses on to cyber security and fraud”,
- 27% of SMEs believe they are “too small” to be of interest to cyber criminals; yet
- 46% of UK businesses – which effectively means 46% of SMEs – identified at least one cyber security breach or attack in the last 12 months; and
- 48% don’t follow advice on updating software and apps.
The most serious risk is to the fundamental integrity of your business. Without adequate planning, a business subject to a cyber attack may not be able to operate. While such failures could be catastrophic on their own, the advent of the General Data Protection Regulation in May 2018 means that even a straightforward data loss could result in heavy fines as well as a damaged reputation among customers and suppliers.
So what should you be doing about it?
The government has published a 10 Steps to Cyber Security guide. It is fairly comprehensive, covering everything from the central risk-management regime to home and mobile working.
A more digestible document, though, is the Cyber Security: Small Business Guide published by the National Cyber Security Centre (part of GCHQ). It describes the actions you should take in five essential areas:
- Backing up your data
- Protecting your organisation from malware
- Keeping your smartphones (and tablets) safe
- Using passwords to protect your data
- Avoiding phishing attacks.
There’s also a useful action checklist setting out the things you need to do under their policy, technical and training headings.
You can manage this in-house or you can call on specialist consultants to help, but whether you use internal or external expertise, you should begin by asking yourself honestly: am I taking cyber security seriously?
Blog written by Giles Scott