The NHS Wales data hacking scandal has brought the issue of cyber security to the forefront of Welsh businesses. The breach, in which sensitive personal data of thousands of NHS employees was stolen, had major repercussions on the company including vast financial and reputational damage, the extent of which is still undergoing investigation. The devastation caused by this attack on NHS Wales was evident, but perhaps more concerning is the example it has set. Small businesses now face the very real threat of a cyber breach whilst being more vulnerable and less well equipped to cope.
Taking steps to reduce the risk of a cyber attack is now a key part of small business strategy. Tightening up your security is not just about installing sophisticated software; educating your staff is crucial to reducing the weak links in your security and maintaining vigilance against attackers. Small and thoughtless mistakes, such as leaving work devices unattended in public places or clicking on suspicious links, can spell trouble for your company and leave you a target for hackers. By ensuring your staff fully understand the risks and consequences of these seemingly harmless actions, you can strengthen your vulnerabilities and improve your security.
Providing proper staff training on these issues can go a long way towards building up understanding. Use online tests to discover the gaps in peoples’ knowledge and focus on easy changes that staff can make on a daily basis, such as safe web browsing, using generated passwords and learning how to detect a phishing email. Keep the training regular and engaging, using examples from news stories such as the NHS Wales breach to keep the content relevant and help your employees better understand the financial and reputational impact on both the company, and them as individuals. Remember to include members of senior management and IT personnel in your training, as it is these staff members that have access to the most sensitive information, meaning they are the biggest targets for hackers.
By taking the time to educate your employees, staff will know how to report suspicious activity and respond effectively in the event of an attack, meaning that if an attempted breach occurs, your company will be working together to stop it.