Cyber attacks on well-known brands often seize media attention. However, small companies are just as vulnerable, and must take steps to defend themselves.
The victims of cyber attacks we hear about on the news tend to be household names with millions of customers, not smaller businesses with 250 or fewer employees. In reality, some 66 per cent of UK small firms have been affected by cybercrime, resulting in about £5 billion of losses annually, according to the Federation of Small Businesses (FSB).
“That doesn’t include any estimate of the reputation and opportunity costs, as well as the third-round costs that might spill over to suppliers and customers,” warns Mike Cherry, the FSB’s national chairman.
Most attacks are now financially motivated and everybody is potentially a target. Just because you’re not big doesn’t mean you’re not at risk
- Dominic Trott, associate research director, International Data Corporation
Small businesses make good targets because they increasingly hold customers’ names, addresses and banking information on their servers: exactly the kinds of things hackers want to get their hands on. And while big businesses may appear like Fort Knox in terms of their cyber defences, less well-resourced small businesses can seem like easy pickings by comparison.
“In the past, hackers tended to be kids who wanted to take down big firms for glory, but that is not the case anymore,” says Dominic Trott, an associate research director at International Data Corporation (IDC), who specialises in cybersecurity. “Most attacks are now financially motivated and everybody is potentially a target.”
Invest in the right tools and processes
Faced with determined cyber-crooks, firms should have a robust defence strategy in place. But according to the Federation of Small Businesses (FSB), only one in five actually prioritise cybercrime.“The primary problem is that many small and medium-sized enterprises don’t have a dedicated IT department to work on the constantly changing cybersecurity environment,” says Mike Cherry, FSB national chairman.
In the absence of such expertise, small businesses should seek external advice on the nature of the threats they face and the cybersecurity solutions they should procure.
According to recent research from IT and networking giant Cisco, the most common breaches small businesses tend to face are targeted attacks against employees (think well-crafted email phishing attacks), advanced malware attacks and ransomware breaches, where malware encrypts important data, usually until affected users pay cash to unlock it.
Most of these attacks emanate from unsolicited emails and so firms should consider steps such as using multifactor authentication to prevent attackers from gaining access to accounts or keeping software up to date, be it email gateways, apps, operating systems or browsers.
Training is key
Equally important is that all staff within an organisation receive cybersecurity training. Most cyberattacks emanate from human error, whether through using weak passwords, failing to spot dodgy links in emails or inadequately protecting data.
For example, firms should warn staff never to wire money to strangers and introduce strict protocols that require high-ranking authorisation of such transfers. Employees should also be in the habit of checking a sender’s email address against the message signatory to ask whether they match.
“It’s about a mindset, making sure it is part of the leadership culture,” says Dominic Trott, associate research director at International Data Corporation (IDC). “Employees tend to get it when you explain that if we don’t keep up with digital market dynamics, we could fall behind and potentially go out of business.”
There are many training resources, free and paid for, to help smaller firms strengthen their processes. Take the UK government’s Cyber Essentials guide, which identifies fundamental security controls to help defend against internet-borne threats. It says these steps will get rid of 80 per cent of the risk.
Meanwhile, insurers often offer more specialised training courses that, if completed by all members of staff, will lower the cost of the firm’s cyber-insurance policy.
Solutions don’t have to cost the earth
According to a poll from YouGov and Duo Security, a vendor of cloud-based two-factor authentication services and now part of Cisco, 47 per cent of small business owners consider cybersecurity to be too expensive. But Mr Trott says most businesses do not need to go for “Rolls-Royce” options to stay safe.
Incremental change is better than no change. In short, you should not let a desire to be perfect in your security approach get in the way of becoming better. Perfect, as in all things, does not exist.
Mr Trott also disputes the idea that cyberdefences will hinder a nimble small business from “finding new business opportunities and competing against the big fish”.
If anything, the fallout from a major cyberattack will be a much bigger drag on company growth, he says. And firms are misguided if they think tightening defences will kill their entrepreneurial spark.
Stephen Ridley, lead cyber-underwriter at insurer Hiscox, agrees and notes there is no need to abandon informal methods of working, such as using personal phones and tablets to send sensitive customer data or letting staff communicate for business via messaging apps. Clearly such practices can increase a company’s exposure to breaches, but they also cut costs and allow small businesses to do business in a way that suits them.
“You don’t need to banish these platforms. Employees just need to be conscious of the data they are sending on them,” says Mr Ridley.
Invest in a good cyber-insurance policy
With the cyber-threat evolving at breakneck speed, it is impossible to rule out the possibility of an attack and so small businesses will need to have a good response plan in place to minimise any damage caused.
The first consideration is reputational. If data is stolen, customers and regulators need to be told in a timely way and to know the company is doing all it can to rectify the situation. Otherwise trust will be damaged, potentially irreparably.
As for any financial losses, it is essential small businesses have good insurance in place, although Mr Ridley says the vast majority don’t bother, which leaves them exposed. A recent UK government survey estimated the average cost of a small business’s worst cyberattack will be between £65,000 and £115,000. And contrary to common belief, such losses are not always reimbursed.
It’s not only a breach that costs a company money, Mr Ridley adds. It’s also the increasing cost of compliance under the European Union’s tough new General Data Protection Regulation. For instance, if a hacker gains access to a staff member’s email account, they may also have obtained access to a huge amount of personal customer data, something the small business must report to the Information Commissioner’s Office.
“That means getting lawyers involved, undertaking more of an investigation to see what was compromised,” Mr Ridley explains.
Firms with insurance policies will be protected from the brunt of this, but those without policies will have to deal with the administration themselves, making the cost of addressing the incident exponentially higher. “It adds a massive layer of complexity,” Mr Ridley says.
Integrate new technologies carefully
New technologies including cloud computing, mobile working and data analytics have been a boon for small businesses, allowing them to streamline processes and automate administration affordably.
But small firms considering investing in new security tools must ensure they can be integrated with their existing solutions, as this will minimise the chances of a hack. According to the Ponemon Institute, 59 per cent of companies have experienced a data breach caused by one of their vendors or third parties. In a survey last year by Cisco, organisations that had to manage more vendors actually became less secure as a result, because a multi-vendor environment can be very complex to manage and attacks can get through the gaps.
Small businesses should ask themselves whether the cybersecurity tools they are buying are built with openness in mind or if they integrate well with others in terms of sharing data and threat intelligence. They should also consider whether they will have to do considerable API (application programming interface) work to make them gel with their existing enterprise software products.
A recent report from the UK government’s Cyber Streetwise campaign and KPMG found that 89 per cent of small businesses that suffered a cyberattack felt the breach affected their reputation, 30 per cent reported a loss of clients and a quarter were unable to grow in line with previous forecasts.
However, Mr Ridley and Mr Trott say they have seen a step change in attitude from small businesses over the last two years as many wake up to the risks. IDC data for Europe, for example, shows that spending on cybersecurity is growing roughly as fast at small businesses as it is at big companies, at just over 6 per cent.
Mr Trott thinks small businesses are not as ill-informed as some suggest; the key is making sure the laggards pull their socks up. “I am relatively optimistic. There are always those at the start of the journey rather than the end, but I think we are seeing small business take a more aggressive stance,” he concludes.
The long-held business mantra that “the customer is king” has never resonated more than it does today. As consumers we are inundated with choice. We expect exceptional customer experiences (CX) tailored to our specific needs and preferences, whether the company involved is a multinational corporation or a small business.
If a company fails to impress, we often show no hesitation in taking our business elsewhere. Almost a third of us will stop interacting with a brand we love after just one bad experience, according to a report by global consultancy PwC. This could stem from something as basic as the speed of the company’s website, with 74 per cent of ecommerce leaders saying shoppers are only willing to wait two to three seconds for a page load before leaving to shop on another site, according to a recent industry survey.
We are increasingly loyal to businesses and brands that consistently provide exceptional value with minimal friction or stress, the PwC report states. In fact, CX is now so important to businesses that Gartner refers to it as “the new marketing battlefront”, with 81 per cent of marketers expecting to be competing mostly or completely on the basis of this metric in 2019.
Making it personal
Companies that tailor their goods or services to provide an experience that caters to the customer’s interests or preferences will see increased trust, loyalty and market share, with customers more likely to try additional services or products from brands that provide a superior CX. It’s difficult to walk away from a brand that understands you: certain traditional customer-facing professions like hairdressing or bartending have always had a reputation for gaining customer trust, engendering loyalty and establishing repeat business.
Technology must now empower any small business to do the same. This includes being able to communicate seamlessly with the customer via whichever method they prefer – phone, email, social media platform, chatbot, WebEx or messaging app – and showing them that the experience is just as good – if not better – than a face-to-face experience.
Great experiences start in the workplace
The same approach applies within the workplace. With a progressively mobile workforce, employees expect to be able to do their job from anywhere. They want to participate in meetings and collaborate on ideas and projects with customers as easily as if they were in the office.
It used to be that when disruption occurred – such as bad weather or late-running trains – a meeting would be postponed and business would suffer. Today there are online video and collaboration solutions available that enable you to connect with customers from anywhere with a Wi-Fi signal.
Indeed, Cisco’s Future of Work report indicates that employees who can work remotely are among the most satisfied, creative and productive, whether because work freedom enables them to perform better or the opportunity to work remotely pulls in the top talent. This will become more of a factor with the imminent arrival of Generation Z employees in the workplace, who expect to be able to work from any location, Gartner notes.
Amid the continued rise of the “gig economy”, it has been suggested that in future the only full-time employees will be business owners or leaders, with workforces characterised by freelancers or contractors, working either remotely or from home. Against such a backdrop, it is important to use technologies like video, collaboration and messaging to ensure consistent customer experiences as the workforce transitions to new ways of working.
We know technology is the cornerstone of providing a great CX. However, many businesses may feel overwhelmed by the pace of digital change and its impact on the workforce. So how can small businesses – which are often strapped for both time and resources – provide the best possible experience for their customers?
Figures from Cisco and FSB First Voice’s Small Business IT Survey 2018, as documented in the whitepaper Under Used, Under Threat, show that while more than three quarters of decision-makers understand that technology can empower agile working and increase productivity, more than nine out of 10 spend less than a quarter of their budget on IT. In addition, while nearly three quarters of small businesses recognise IT as a crucial part of day-to-day practice, fewer than one in five have a dedicated in-house IT manager.
The process of engaging with customers must therefore be seamless and simple. For example, with WebEx Teams you can connect with customers via a chatbot, meaning they get an instant response to their questions from another human being. If you’re unable to solve their problem in the first instance, you can easily switch to a call or even video to ensure the customer is satisfied. As humans, we want someone else to think that our problem is as important as we do.
It’s also important to note that small businesses don’t want a collaboration system that takes 18 months to implement and requires thousands of lines of code. They want something that’s easy to install and operate, software-based and – as with most services we consume today – accessed via the cloud, so they pay only for what they consume, with no wasted resources.
Security is also an issue today for any size of company. Cyberattacks are on the increase, with 53 per cent of midmarket companies having already experienced a breach. You might have an amazing website with an outstanding customer experience, but if that customer has their data compromised you could face irreparable reputational and financial damage thanks to lost revenue, opportunities, and out-of-pocket costs.
Even as a small business, your brand can be built or broken by the experience you provide to your customers. Yet it doesn’t have to be a choice between customers and employees. The workplace of the future will allow both to thrive with new communication and collaboration solutions.
From browsing your website to consultation, transaction, delivery of goods and any follow-up services, the right collaboration platform can help build your reputation and boost loyalty, demonstrating that you are exclusively devoted to the needs of your customers.
When Emma’s first child was born, she knew she could no longer work nine-to-five and commute to an office every day. As a strategy director at a large marketing agency, it was time to change how she worked.
“When I had my first son five years ago, I knew that going back to five days in a stressful senior job wasn’t going be possible,” Emma says. Now she works three days a week, one of which is from home. She decides how she sets her hours and whether she works from home or the office. She’s more productive and creative in her job, and better able to tackle the busy duties of a parent.
Had her company not offered this level of flexibility, she would have left, she says. “I’m a happier employee.”
Emma is part of a growing cohort of workers who want flexibility from their employers. Flexible working is a catch-all term for a host of different ways of working, which includes working from home, part-time work, flexitime and compressed hours. According to a YouGov poll, 89 per cent of British workers believe flexible working would boost their productivity. Companies are also aware of the scale of the issue: a LinkedIn survey of UK businesses found that 75 per cent think allowing employees the flexibility to work remotely and set their own hours is very important.
The benefits of flexible working … include better morale, enabling those skilled employees to be able to work around other life commitments, reduced stress and absenteeism, all leading to reduced costs
- Alison Watson, Business Programme team leader at Arden University
Implementing the processes to facilitate remote working, however, requires buy-in from leadership teams. For many companies, their flexible policies still lag behind. The same LinkedIn survey found that while 57 per cent of companies allow employees to work remotely, it is only for some of the time, while 23 per cent said it is only under special circumstances. As more high-skilled workers view flexibility as a professional line in the sand, what is the cost of inflexibility?
“The benefits of flexible working are vast,” says Alison Watson, Business Programme team leader at Arden University. “They include better morale, enabling those skilled employees to be able to work around other life commitments, reduced stress and absenteeism, all leading to reduced costs.”
Emma did not wish to use her real name in this story as she says her company would not want her to speak publicly about its policies. While her employer is now fully supportive of her needs, she says she had to get the ball rolling herself, by proposing a different way of working.
“I managed that conversation,” she says. “They were very fair and balanced, but part of that was how I handled the conversation.”
Helen Jamieson, founder and managing director of Jaluch – an HR consultancy whose clients include Bupa and Visa – says the issue of flexibility is as much about change management as it is employee trust. “A lot of leaders find it hard to both trust and embrace new ways of working or thinking,” she says. “Ask managers whether they trust staff who are remote workers and you still get many voicing serious concerns about how to successfully manage them.”
Leaders must educate themselves on how flexible working can benefit their business, Ms Jamieson says. They need to “lead from the top”, while at the same time “not ignore the fears and concerns people often have about change”.
Ms Watson agrees that engaging in a flexible working culture requires specific management. “Some employees need structure and discipline in order to function effectively,” she says.
Whether a company is able to offer flexibility in its working practices often depends on how progressive it is in its overall culture. The size of a company plays a role here, as smaller companies have a degree of agility to respond faster to these employee needs. “Sometimes such a process may be seen as easier to implement in less bureaucratic organisations,” Ms Watson says, though she notes that smaller companies face challenges of their own.
“Within a small workforce, flexible working patterns may not be easy to achieve as communication amongst the team and with the customer will be essential and will need to be maintained at all times,” she says. “There will need to be adequate cover during standard working hours.” Technology has played a significant role in addressing these issues, she adds, with the widespread use of online conferencing within many sectors offering a viable solution.
For Ms Jamieson, the size of the company is secondary to the mindset of the leadership team when it comes to determining a flexible working policy. “Flexible working demands that leaders trust their staff and that leaders are able to drop outdated practices in favour of new practices.”
The trend towards flexible working started with women, as working mothers like Emma came back to work and needed to adjust their schedules. Dr Esther Canonico of the London School of Economics’ Department of Management, who studies organisational behaviour and flexible working, says that women joining the UK workforce changed the traditional idea of an employee.
“Women bring with them different values and a different understanding of what the responsibilities are outside of work.”
As broader attitudes towards work-life balance change, however, it’s now not just mothers who are interested in flexible working practices. When Jo Hooper returned from three months off work with anxiety and depression, she needed the flexibility to manage her mental health and return to work slowly. “I was given flexibility and was able to work in the office for two days a week and then three days a week at home to begin with,” she said.
As an ambitious employee in a leadership role, Ms Hooper said she tried making tweaks to the way she worked and lived for years to manage her mental health and thrive at work, but that it just didn’t work. This year, Ms Hooper set up Mad and Sad Club, an initiative to provide training to companies looking to improve employee mental wellbeing.
“I realised that there were lots of simple things that businesses could do to help people struggling and that people didn’t need to be ‘qualified’ or a clinician to do something meaningful about mental health,” she said.
Ms Hooper does not think the solution to dealing with mental health issues at work should be for everyone to become self-employed. “Flexibility is one of the things companies can and should do more of,” she said. “By sticking to this arcane idea that we need to be in an office together for 8 hours a day, we’re stifling creativity and holding people to working standards that aren’t necessary in a modern world.”
For both Emma and Ms Hooper, flexibility is now a talent acquisition and retention issue. They are not alone in seeing flexible working as a staff benefit – according to a survey by the jobs sites Monster, a quarter of British workers would turn down a job offer if they were not able to work from home.
“Being able to manage both work and life commitments is attractive to an employee, especially those that know their potential worth to a company,” Ms Watson says. “Companies that do offer such a process will be more attractive to work for, therein attracting the talented staff they’re looking for.”
For Emma, the ability to work flexibly is now simply non-negotiable. “I will now never, ever work for a company that doesn’t let me work like this,” she says. “It’s a hygiene factor for me now.”
The number of UK workers who have moved into remote working has increased by nearly a quarter of a million over a decade, according to data from the Office for National Statistics. Technology can often help companies keep pace with the shift towards flexitime. Here are the top tools and software products that facilitate remote working.
Not being physically present in the same building does not mean meetings have to stop. Companies that offer remote working have a host of options when it comes to video calling and teleconferencing facilities.
Data and IT security should remain a top priority for companies that allow their employees to work off site. Virtual private networks (VPNs) are a must for businesses that grant remote access to workers.
For companies with lots of remote workers, email just doesn’t cut it when it comes to real-time communication. Group chat applications enable teams to message each other more efficiently. Features such as different channels and integration with other applications offer a richer experience than a traditional email client.
Collaborative project management software is essential for any team that operates across different regions or locations. Cloud-based programmes allow teams to monitor and update project milestones, set deadlines and manage workflow from anywhere.
For employees who work a set number of hours over a flexible schedule, the ability to track and record hours is vital. Time-tracking applications also often integrate well with existing project management tools.
Fostering a company culture when employees work in different locations is challenging but not impossible. Recognition platforms help companies engage their employees through a rewards programme.