The WannaCry ransomware swept the world in May 2017. Many local SMEs were frightened. Those which became victims were threatened to pay ransom to get back their data.
With the popularisation of smart technology, more and more business transactions are conducted over the network. Enterprises highly depend on information systems in their daily operations. The consequence of insufficient information security might be service disruption or customer data leakage. Beside the damage of reputation, the enterprise might also face claims by third parties on negligence of security protection on customer sensitive data.
According to the “SSH Hong Kong Enterprise Cyber Security Readiness Index Survey” published by the Hong Kong Productivity Council (HKPC) in April 2018, the Hong Kong Enterprise Cyber Security Readiness Index was 45.6 (in the range of 1-100), which was below the ideal threshold of 60. In a closer look according to the company size, the index for “large enterprises”, which usually have more resources, was 58.3, while that of SMEs was only 43.4. Though SMEs may be aware of the importance of cyber security, they often lack proactive measures and respond reactively when incidents occur. They do not have regular security risk assessment, and follow up with enhancements in security technology and security management.
For SMEs which have insufficient resources and lack of security technology and knowledge, it is really a headache to find a good starting point to enhance cyber security.
To address this issue, Hong Kong Productivity Council and its Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) have recently complied a “Seven Habits of Cyber Security for SMEs” which cover seven areas:
The guideline includes security best practices and a simple checklist for security self-assessment, which aims to help SMEs with limited resources to cope with the increasingly complex cyber security threats.