In mid-May, the WannaCry ransomware infected thousands of organisations, including the NHS, across more than 150 countries. But while the attack may have caught some people by surprise, Phil Chapman, senior cybersecurity instructor at Firebrand Training, the IT training firm, wasn’t one of them. “The attacks that make the press are just the tip of the iceberg,” he says. “The cold reality is that this is something that has been bubbling under the surface for an awfully long time.” The increasing number of breaches is due to the technological leaps made over the past few decades: emails, social media and smart devices may have made conducting business easier but they have also increased the likelihood of hack attacks.
And if any franchisor doubts that they should invest more in protecting their networks then they’d better reconsider. “The stories and statistics speak for themselves,” says Leon Deakin, partner and cybersecurity expert at Coffin Mew, the law firm. A report from the British Chambers of Commerce recently revealed that 20% of British businesses fell prey to digitally savvy offenders in 2016. And being breached can often be costly affair: not only could companies lose out on hours, if not days, of productive work but becoming a victim could also see their share value plummet. For instance, after Yahoo was found to have suffered a major data breach, the tech giant had to shave $350m off its asking price when the company was sold earlier this year. Additionally, with ransomware cases like the WannaCry attack, companies can be forced to pay the attackers to decrypt their files.
Worryingly, many SMEs seemingly aren’t concerned about the rising threat posed by malware. A recent survey by Firebrand Training found that SMEs carry out fire drills twice as often as cybersecurity drills, despite the fact that businesses experience breaches 125 times more often than fires. The report also unearthed the fact that 46% of businesses with 50 to 99 employees think cybercrime is not a threat to a business of their size, despite ample evidence to the contrary. “Any business or franchisor should be taking the threat of cybercrime very seriously,” warns Deakin.
The problem is that it isn’t enough to simply invest in a shiny new firewall: to keep their networks safe franchisors have to ensure their workers know what they are doing. This is paramount, as staff members are often the weakest link in companies’ cybersecurity defences. “Many attacks target the vulnerability of employees at some level,” says Oz Alashe, CEO of CybSafe, the cybersecurity firm. “People make mistakes or, more commonly, are unwittingly conned. It can happen to anyone.” Indeed, 95% of incidents involve human error, according to a report from Lawley, the cybersecurity-insurance company. “The good news is that employees can become your greatest defence through a few changes in behaviour, better education and by raising awareness,” says Alashe.
Having acknowledged the need to train franchisees and employees, franchisors should ensure all staff members are given the right education. And it’s necessary for everyone within the network to receive the same guidance if you’re going to keep the company safe. “If the staff don’t receive standardised training, everyone will be working to slightly different processes and have different levels of awareness,” says Alashe. “It only takes one person opening a suspicious email to compromise the business.”
However, convincing a franchisee to prioritise cybersecurity when they’re busy launching their own enterprise can be easier said than done, especially if they have to pay for the training themselves. So it can be a good idea to include cybersecurity training as a part of the package covered by the franchise fee. “Security awareness and training might not rank highly on the priority list of the franchisee otherwise,” says Perry Carpenter, chief evangelist and strategy officer at KnowBe4, the cybersecurity-training company. “Having the fee cover it – as well as having it required by the franchisor – removes any excuses.”