The first steps in securing your small or medium-sized business (SMB)
Threats to SMBs
For many SMBs, security is not a priority. A 2019 study by Verizon found that 43 percent of all data breach victims were SMBs.* The main reasons may be that they believe they are not a target for attacks because of their size, or simply that they do not have the resources to protect themselves.
In reality, the biggest threats to a company’s security are its employees. This is not to say that every company has malicious employees striving to steal company information and, in turn, lose the company money. Rather, it is a lack of employee training and awareness that in essence facilitates these types of attacks, allowing hackers to infiltrate sensitive parts of your business. 94% of security breach incidents involving malware used email as a vector (method) for the attack. This includes employees opening an unsafe email and downloading a malicious attachment.*
Lack of Security and Resources
The lack of media coverage of data breaches in which SMBs were targets adds fuel to the fire, reinforcing the belief that their business isn’t vulnerable. It is comparable to locking all the windows but leaving the front door open. For many businesses, security is an unwelcome cost that they can’t afford. In reality, it’s a false economy to ignore cyber security risks, as the cost of data recovery, reputational damage, lost consumer confidence and potential Data Protection regulation fines winds up harming the company more than the small amount needed to provide an extra layer of protection to company data. In a study of SMBs in 25 different countries, Kaspersky Lab found that the financial loss for SMBs is increasing yearly, with a $32,000 jump from 2017, bringing the average loss up to $120,000 per incident, which includes the incident itself and recovery.** This loss can be devastating for SMBs. According to Switchfast Technologies, over half of SMBs that have suffered a data breach within the past six months are likely to go out of business - a direct result of the breach.
Although it may seem easy to secure a small business, SMBs have unique challenges that larger organisations do not face. These include a lack of resources, expertise/understanding, information, time, and training.*
Strong cyber security is crucial for SMBs that want to continue their success and growth. Despite these challenges, there are simple ways for SMBs to protect their data and assets that will provide a successful future for the business.
Three steps all SMBs should consider taking
(1) Cultivate a security culture within your company. Management must lead the way by setting an example of the best security practices from day to day. Create tangible written rules, or a Code of Conduct, and a comprehensive security training program so that employees fully understand best practices and the significant impact they have on the security of the business. This includes having a strong password policy and requiring all devices (whether an employee’s or the company’s) with company data to have antivirus installed. Resilient Defence has simple, online training providing employees with CPD accreditation, increased security awareness and an added layer of protection for the SMB.
(2) Complete a Vulnerability Assessment. It is difficult for a company to know where its vulnerabilities are and to understand them well enough to fix them. Unfortunately, a hacker can most likely figure out the weaknesses in your systems before you even realise you have a problem. Even worse, businesses struggle to identify that they have been hacked, as 56% of breaches take months or longer to discover.* Not only does the number of records lost increase from approx. 417 to 70,000 within a week if the breach is not caught, but the financial loss also triples, from $28,000 if caught immediately to $105,000 within a week.** Once a vulnerability assessment of your organisation has been conducted, you can begin to understand the flaws in your software and fix them before a hacker exploits them. This is also a good option for businesses that are not ready to invest in a full penetration test, which involves a vulnerability assessment as well as a consultation phase, investigation phase, exploitation phase, and reporting.
(3) Get Cyber Essentials Certified. This recent certification opportunity gives businesses the ability to increase trust with their potential partners and customers. Cyber Essentials is a cyber security standard for businesses that focuses on the IT security systems in place, in order to demonstrate that they are effectively addressing risks and vulnerabilities within their business. It can also go a long way towards aligning your business with GDPR regulations and offers new opportunities for the company to work with the UK government.
The process of certification forces a company to evaluate its security checks and potentially change certain practices and security controls in order to improve its cyber security. This process may seem overwhelming without a solid understanding of cyber security, but there are organisations that can help your business through it, including Resilient Defence.
All businesses, big and small, have a responsibility to secure their data and technology. Ignoring the risks can lead to loss of assets, reputation, customers, and potentially the business as a whole. No matter the stage of development of an SMB, now is the time to start increasing the cyber security of the business.