Cyber security is rarely out of the spotlight, or the media, with high-profile incidents reported on with alarming regularity.

Small businesses are increasingly waking up to the fact that responding to cyber threats is not just something larger organisations need to worry about. This is especially true as 43% of cyber attacks are on small businesses according to www.thebestvpn.co.uk.

When it comes to cyber security, there are almost endless threats to consider – and they are constantly evolving and becoming more sophisticated.

Added to this is the sheer volume of data that even small organisations have to deal with. According to Radicati, as of 2018, 124.5 billion business emails are sent per day. A DMR report found that the average office worker receives 121 business emails a day.

As such, it can be challenging for organisations to know where to start when it comes to protecting themselves. For small businesses in particular, the most pressing threats can be summarised into four key areas:

1.    Bring Your Own Device (BYOD)

The way people work is rapidly evolving, enabled in large part by advances in technology. In many ways, this is a hugely positive thing as employees are able to work anytime, anywhere. However, the use of personal smartphones, tablets and laptops to carry out business does increase the risk of data loss – either through human error or by providing a way in for cyber criminals.

A study from Ovum found that 79% of employees found that BYOD enabled them to do their jobs better, but nearly 18% claimed their employers IT department had no idea they use their own devices for work.

2.    The Cloud

Cloud computing is convenient, increasingly popular, and is generally considered to be secure. However, this is not always the case. In a public cloud, all data is stored within the provider’s network, and, as such, is open to attack. Even a private cloud, which is not open to the world, with data stored in a private network, is still not infallible.

As both public and private clouds are essentially centralised systems with just one point of vulnerability, it is relatively easy for someone to ‘leave the door open’ either through incompetence or maliciously.

3.    Voice and video

Many organisations also fail to consider how telecoms, and increasingly, video factor into their overarching cyber-security strategy. Of course, it is essential for any business to have effective communications, from informal conversations between colleagues, to confidential client discussions. However, voice and video are just as susceptible to hacks as other systems.

This isn’t something organisations tend to consider when using Skype, for example, but voice and video should be treated with the same attention as any other security and data risk.

4.    People

All too often, people are the weak link in the security chain. This is not always malicious, but human error is a huge cause of cyber attacks and data breaches.

IBM’s 2016 Cyber Security Intelligence Index found that more than 60% were caused by employees or others from inside an organisation, although more than 30% were accidental.

Huge issues can arise from something as simple as sending information to the wrong email address, losing a phone or laptop or using default passwords.

Fortunately, there are key steps that organisations can take to help ensure that cyber security and data privacy threats are mitigated.

A new approach

Creating a strong, company-wide culture of security is a vital part of keeping organisations safe from attacks and data breaches. However, businesses need to be careful of making things too complicated. An organisation can implement the most robust security measures there are, but if they are not intuitive, simple and easy to use, employees will find ways to side step them.

Changing tactics

It is also key for any security strategy to take advantage of a solution that can cover not just email, but instant messages, SMS, voice and video calls, servers and any documents and files stored on cloud, local and removable storage, across a wide range of devices.

Not only this, organisations also need to consider whether they have the ability to take back, block access to and destroy data if necessary, for example if an employee leaves.

However, the absolutely most vital thing that SMEs in particular can do is rethink their fundamental approach to security. Traditional cyber security approaches have focused on creating safe places to store data, in effect building walls and ‘locking’ data away behind firewalls and using sophisticated authentication methods to allow access.

However, there are now a huge number of ‘doors’ to data to protect. Forget to lock any one ‘door’ and a hacker potentially has access to everything. The traditional approach of just adding more locks and more authentication is neither practical nor affordable for SMEs.

Instead, a new approach to cyber security is needed, which focuses on securing and encrypting all data at its source, using just one lock and key. In this way, even if someone gains access to an organisation’s systems, the data they find is meaningless.

The fight against cyber security threats is an on-going one for businesses, which can be very time consuming and eat into precious revenue.

However, by taking a new approach to cyber security, which is simple to use but also encrypts all common forms of data and communication at its source, organisations can focus their attention on growing their business and adding to the bottom line.

Ajit Patel is CEO of Siccura.