The walls of your cyber castle

Today I wanted to talk about the basics of cyber security.

When you think about cyber you probably think of hackers and clever bits of software and all that exciting stuff. Although that is part of the picture, it's not really the whole canvas.

The best way to explain this is to consider your information security as if you had built a castle to protect your business. If you want to know how well your castle is going to protect you, your greatest concern is not the highest point of the wall but the lowest point. Anybody trying to break into your castle will obviously try to find the easiest way in.

So when you look at cyber security for your business your first thought should be “where is the lowest part of my defences?”

This is where cyber certification will help you.

Let’s take the example of Cyber Essentials, a well-known security standard used here in the UK. The process of completing Cyber Essentials will simply help you understand where the low points are in your defences and what you need to do to build them up to a reasonable height. Although the process can take a while, the principle is as simple as that!

I've spoken to many business owners about improving their cyber security and one of the common objections that I'm given is: “My business is too small for a hacker to worry about, nobody is going to bother attacking me”.

Unfortunately that's not true.

Hackers have a wide array of automated attack tools at their disposal and don't need to put much effort into any individual attack. If you’ll bear with me while I shift metaphors, the best way to imagine this is to compare a little shrimp to a hungry whale. The shrimp might think it’s too small for a whale to be bothered with, and on an individual basis that may be true. However, that's not how whales feed: they don't eat one shrimp at a time, they simply open their huge mouths and swallow thousands in a bite.

This is what your business looks like to a hacker: they will simply find the weakest point of your cyber defences and use that to gain entry.

There are a number of things that can happen next, none of them good.

· Your business data may be encrypted and you will have to pay a ransom to get it decrypted.

· Your data may be stolen and you'll have to pay a ransom to stop them releasing it to the public.

· They may get in touch with your suppliers or customers pretending to be you and make fraudulent transactions, and so on.

Essentially, there are a large number of bad outcomes for you in the event of a cyber breach, and the survival statistics for unprepared businesses make for pretty gloomy reading.

Now you may be thinking “but I have good antivirus software and email filtering in place already, I’m pretty secure”. Again, that’s not necessarily the case. The most common weak points in business defences are related to people and processes. Examples would be:

· Shared accounts

· Easily guessed passwords

· Passwords used for multiple accounts

My advice to all businesses is to make sure you have some level of cyber certification, whether it's Cyber Essentials or something more robust.
