Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.


Jon Milward, Operations Director, Northdoor

In 2011, cybercrime caused damages of up to £3.37 million to small businesses in the UK, which on average cost small businesses £5,400 per cyber-attack. However, the UK Home Office recently reported that in 2012 companies with less than 20 employees spent £200 a year on cybersecurity prevention tools. In contrast companies with 50-100 employees spent roughly £4,000 per year on IT security and companies with 100+ employees spent double that sum costing them £10,000 per year.

Cyber security threats

Jon Milward
Jon Milward

Businesses of all sizes should adopt a scenario based approach to security in order to fully understand the extent of their threat landscape. This entails considering all the different threats and imagining how they might play out. If you can explore in detail the potential impact of each scenario, you can then begin to build a true understanding of how your organisation is structured to cope. For example, what happens when a personal device that contains business data is lost or stolen?

BYOD strategies are accelerating and whilst this can result in greater work productivity and a boost to staff morale, it can lead to increased security threats or breaches. The question is how can this trend be regulated and to what extent can an organisation dedicate and reinforce processes when it’s the employees who own the devices?

SMBs are struggling to update their security software and policies, so whilst technology exists today to wipe out or disconnect access to business data when a device is reported stolen, it doesn’t mean lapses don’t still occur. Small businesses need to ensure that policies are enforced across all staff using the BYOD scheme. The rise of the mobile workforce using various mobile devices is now beginning to show how threatening such a scheme is to a business’ security and intellectual property, and protecting against this has never been more challenging.

So whilst many organisations believe that they have what they believe to be sound security measures in place, the reality is that often these are implemented in a piecemeal way with solutions only addressing specific needs. However, more often than not, a disjointed approach is not sustainable and a holistic approach is one that organisations should favour. Security should never be considered in isolation from the business. Instead, security should protect and enhance business processes and risk must be properly identified across key business areas.

Companies should be creating and continually making adjustments to their security policy, implementing any additional tools and processes needed to address threats. They also need to regularly review policy in line with changes in the environment, whilst evaluating themselves against the current policy to see if they have routinely followed procedure. If there seems to be a distinct lack of engagement with the organisation’s security policy, questions need to be asked as to how they refine the policy and whether the decision is taken to change or add tools to help with compliance around security.

The security landscape is constantly in flux with more advanced threats continually being generated. No organisation will ever be 100 per cent secure; any security and or policy must be agile enough to deal with the changing threat landscape.


  • Any good security policy should include things like using strong passwords that include numbers and letters; not sharing or displaying passwords; and only opening email attachments from reliable sources.
  • You should also encourage staff to use the web responsibly, and stay vigilant when contractors and outsiders are in the office.
  • In terms of IT, you should monitor access to the network, including memory sticks and other plug-in devices, which can be used to steal company information.
  • The sky is the limit when it comes to implementing security software, but there is a minimum level of security that any business should have. This includes: antivirus software to catch viruses and Trojan horse programs; anti-spam software to control spam which could contain malicious code or links to hacker web sites; and anti-phishing software to detect financial hacking techniques

Security has to be considered in the round.  If asked the question ‘is our data secured’ mostly the answer will be yes because the organisation has put security tools in place. However, it’s not simply a matter of ‘yes’ or ‘no’ when it comes to security, it’s about asking and understanding ‘so what exactly happens when’… Only by exploring such questions will you know if your organisation is primed to handle all security eventualities.