Security 101 for SMEs as Cyber Risks Rise
- Nearly half of all small businesses were targeted by cybercriminals last year.
- SMEs face many of the same cyber threats that large organizations face, such as ransomware, identity theft, spyware, and more.
Global cyber damage costs could hit $6 trillion annually by 2021, according to a report by the Herjavec Group. While only large companies get the headlines for data breaches and hacking incidents, there’s an undercurrent of attacks constantly targeting small and medium enterprises. For over 50,000 U.K. SMEs, the cyber risks have risen to the extent that they could put them out of business.
State of Cybersecurity of SMEs
SMEs, in general, have poor security readiness due to numerous factors, which allows adversaries to penetrate their networks and systems more easily. Moreover, less secure companies aren’t positioned to bear the consequences of an attack because they lack the resources.
- 43 percent of cyberattacks are aimed at small businesses, but only 14 percent are prepared to defend themselves, as per Accenture's 2019 The Cost of Cybercrime report.
- More than half of all small businesses suffered a breach last year, and four in ten have experienced multiple incidents of attacks, a Hiscox study reveals.
Problems and Challenges
The range of cybersecurity measures needed to safeguard networks has also grown exponentially with the growing complexity of modern IT infrastructure.
- Hackers exploit easy targets to send spam, inject spyware and ransomware, or distribute Remote Access Trojans (RATs) tailored to obtain credentials for e-banking accounts.
- A hacked SME website, even if it doesn’t process transactions or hold much confidential data, can end up for sale on Dark Web marketplaces.
- Google and other search engines may wipe out your SEO, Google Ads, and other page-ranking efforts once a website is identified as a source of spam or malware. This can result in irreparable and protracted damage to a business.
- If you operate through an app and your platform has poor data encryption that can expose sensitive customer data, it may invite a permanent ban from the Apple and Google Play stores.
- Not complying with essential security requirements, such as the PCI SSC's standards or SSL/TLS encryption, can also hurt business operations.
SMEs, especially smaller businesses, may not have cybersecurity strategy and planning among their top priorities. However, the cost of neglecting these risks only grows with time. Here’s a security checklist to consider as you embrace a culture of cyber readiness:
- Use the first line of defense: A firewall, as recommended by the Federal Communications Commission (FCC), acts as a roadblock between your data and cybercriminals. In addition to the standard external firewall, companies can also choose to install internal firewalls to provide an additional protection layer. Make sure employees who work from home have a firewall enabled on their systems too.
- Protect your assets: Depending upon your business type, your valuable assets can vary. Know where all your critical, confidential data is located, and implement extra security measures to protect it. Most importantly, have a contingency plan to save your data. The plan encompasses capabilities to recover systems, networks, and data from known, accurate backups.
- Ready your defense against malware: Anti-malware software is very useful for blocking and flagging threats to your devices. Windows Defender and macOS’s XProtect are two fairly capable built-in tools meant for this. One of the best practices to avoid being plagued by malware is to keep devices up to date and protected with strong passwords, while avoiding connecting to unknown Wi-Fi networks.
- Control authority over data: Deny extra permissions to those who don’t need them. Only accounts with administrative privileges should have the authority to perform administrative tasks. Use standard accounts instead of privileged accounts for general work.
- Use a multi-factor authentication (MFA) process: A dedicated attacker or an inattentive employee may be the reason behind a successful identity breach. Besides, identity theft is an easy, low-risk but high-reward crime that crooks love. With MFA, you add layers of protection to secure your accounts or devices. Administrators can also leverage contextual information, such as login behavior patterns, geo-location, and the type of system being accessed, to identify anomalies.
Cybersecurity is more than an investment. Indeed, small businesses face the same security threats as many large enterprises do: ransomware, spyware, stolen credentials, and more. Without the right security strategy in place, we might end up enabling the adversaries and falling prey to their attacks.