This post will discuss some of the pitfalls that SMEs can stumble into when confronted by the subject of Cybersecurity in business.
Key Cybersecurity In Business Points
- Ensure that your I.T. System is protected with Internet Security and Anti-Virus/Anti-malware.
- Get a backup! Update it regularly and test it to see that it works efficiently.
- Monitor & manage your software; this is the only way that it is truly effective.
- Use multi-factor authentication on your accounts.
- Introduce policies & procedures regarding the use of I.T. devices and online activity, and strengthen these with staff training & awareness around cyber-security.
- Create a Cyber-security Response Plan
- Consult with I.T. services if extra support and advice is required.
SMEs are not a target for cybercriminals…
It was found that 43% of cyberattacks are targeted at SMEs and this figure has risen over the past 18 months due to Covid-19.
Unfortunately, SMEs do not have the same financial resources and expertise to invest in their I.T. security or maintenance, which leaves them in a vulnerable position in comparison to larger companies.
A survey conducted by the National Cyber Security Alliance (NCSA) revealed that a quarter of SMEs that suffered a data breach had to file for bankruptcy within a year!
It is much easier to target SMEs due to the lack of robust protection. Cybersecurity in business takes the form of employee training, cyber-security response plans and managed software systems.
Businesses need to start formulating an IT support plan. This is to protect their digital assets and utilise all of the resources available to them.
The benefit of contacting an I.T. Consultant or a local Managed Service Provider to discuss your concerns and budget when investing in your cyber-security or upgrading your devices cannot be emphasised enough.
They can guide you and recommend products and packages that are specific to your needs and save you money in the long term!
Sophisticated cybersecurity business software will offer complete protection
It is essential that your devices are protected with a reputable internet security software package to provide a buffer between your devices and any online threats. Like most products, there is a wide range of security software on the market targeted towards households and enterprises, all varying in price.
Of course, the more you are willing to pay, the more this will be reflected in the capabilities of the software and the frequency of the updates, scanning and testing that will be performed, but this does not guarantee an impenetrable shield against cybercriminals.
These security packages are only fully effective if they are configured, monitored, maintained, and integrated with all the security apps operating.
Anti-Virus & Anti-Malware will provide enough cybersecurity protection
Anti-virus and anti-malware software, while important to have running on your device, is not enough.
As previously mentioned, this software needs to be properly managed and does not give you a 100% guarantee that no newly developed malware, virus, or hacker can access your device!
Remember, cybercriminals are highly skilled and constantly trying to develop new software and tactics to bypass security. This is how they make their money!
So, it is your responsibility to ensure that you have backed up all your files securely and continue to do so on a regular basis to avoid complete data loss!
Passwords are strong enough to withstand hackers
Passwords (alone) are not strong enough to withstand a determined hacker. There are numerous ways in which your online accounts and I.T. devices can be accessed by external entities.
Over 80% of breaches involve “Brute Force” attacks or the use of lost or stolen credentials via “Phishing” and “Form-Jacking”.
There are numerous strategies that hackers can use to crack or steal passwords. It is recommended to add multi-factor authentication on your accounts so there is at least another barrier that the hacker is confronted with before they gain access.
The system will notify us if there is a breach
While some protective applications may send you notifications about possible spam emails or suspicious activity, cybercriminals can often bypass detection through phishing or other effective tactics.
48% of malicious email attachments are sent as Microsoft Office files!
According to IBM, in 2020 the average time taken to identify a breach was 228 days. It took an average of 80 days to contain the breach and up to a year to resolve the problems caused by the attack. This results in reputational damage and heavy financial loss!
Our current I.T. System is compliant with industry regulations and therefore must be secure & safe
If your business/organisation is currently using a software package that ensures that the data being stored and protected is compliant with industry regulations, it is advisable to check whether the software secures all data rather than only specific data, e.g. credit card details. If you store a client’s card details, you will more than likely hold other valuable information about that individual/organisation.
PCI compliant packages might not include the other vital information you have on file which needs to be given the same level of protection as the payment details!
Our data isn’t valuable, we don’t need to perform daily backups!
Firstly, all data stored on a device has some value. Think about all the information that is accessed and stored on your work devices. It will hold the details of your employees, clients/customers, suppliers, and credentials to the various online business accounts. Imagine if an individual or group could access these without your knowledge…
Cybercriminals can and will use the accessed information, either to try to extort money from the business or to sell the details on the dark web. There is also the chance of the hacker infecting your website or devices with malware, which will cost time and money to rectify!
By ensuring that your files are securely backed up, you have the critical data to start a stronger recovery plan.
Our MSP/I.T. department have sole responsibility for our cybersecurity and will keep us protected
While the I.T. Department or Managed Service Provider is assigned the duty of monitoring and managing your I.T. systems, the responsibility of securing the business from a cyberattack does not fall on them alone. Unfortunately, when it comes to cybersecurity and I.T. issues, you cannot afford to think that a single designated team can be blamed for a breach.
A thorough and effective Cybersecurity Response Plan involves everyone in the organisation doing their part by strictly following the policies and procedures set out, achieving a high level of adherence and in doing so minimising the risk.
Regular communication between the I.T. Department or MSP and management is necessary to ensure that everyone involved understands how to fully utilise the software on the system and what steps to take if there are any urgent issues.
Cyber breaches are covered by General Liability insurance
Not all insurance policies will cover the financial cost of a data breach. Therefore, if your business/organisation holds sensitive information, it is advised to negotiate with an insurance broker about what kind of policy would provide you with the best cover if such a scenario occurred. The cost of a data breach can cripple a company of any size, so having a policy that could offset some of the burden would be a great advantage!
Cybersecurity requires huge investment
Cybersecurity does not require huge investment. If your budget does not allow for advanced software packages and management services, you can still protect your business.
Choosing an affordable anti-virus/anti-malware package and educating staff on the best I.T. security practice can make a difference.
In fact, some useful cybersecurity apps are affordable, and by implementing strong policies and procedures your business can make the most of its resources until you can upgrade!