Busting the myths about cyber security

What is "cyber security" - and how should businesses approach it?
By The Newsroom
Published 27th Aug 2015, 23:10 BST
Updated 14th Dec 2016, 14:29 BST

Sam Sanderson is the founder and manager of the Sussex Cyber Security Cluster and owner of Lockcode Limited.

What is "cyber security"?

If you use a device - for example, a laptop, desktop, tablet, phone, or wearable tech - that is connected to another device, network, system, internet, or intranet, then you're in scope.

"It's OK. My IT team and web developer deal with that'

Hide Ad
Hide Ad

If it's your business, then it's you who is responsible, accountable and liable for data your company holds, processes or stores  - for example, customer data, corporate secrets, staff addresses, and bank details.

"We're co-locating in a shared office.We're covered"

By what? Read your agreement and consider what happens - and could happen - when you plug in your own devices into the shared network to access your data and information.

"We've never been attacked so we're clearly secure"

To be able to make this statement with confidence, one would need to understand what an attack would look and feel like - and be monitoring all systems (by "systems" we mean business, finance, HR, as well as physical and technical systems). This isn't realistic for even the most risk-averse organisation or overly-paranoid individual. It's also worth remembering that successful crimes are intended to go unnoticed - because they're "organised".

"My business is too small to be a target"

Small businesses are part of the bigger picture and can be used as target practice for the bigger prize. Smaller businesses in a supply chain are contractually obliged to comply with their clients' security requirements - regardless of whether they understand the terminology. So if you see and ignore acronyms in your contracts such as ISMS, 27001, SPF, FCA, FSA, and JSP, you may already be in breach of contract.

"We don't have anything a hacker would want"

Hide Ad
Hide Ad

If this were true, then you would have no business assets of value other than tangible physical items such as desks, empty IT kit, pens, and coffee cups. You might as well pack up your bags and go home.

Experts from the Sussex Cyber Security Cluster will be answering questions at the Brighton and Hove Chamber of Commerce event on Wednesday, September 30, 3pm-6pm at Grand Central. For more information and to book your place, visit: www.businessinbrighton.org.uk.