It’s a common misconception that cybercrime only affects large organisations. Make no mistake about it, hackers target organisations of all sizes across all industries. In fact, according to the Verizon Data Breach investigation report, 58% of data breach victims were SMB’s in 2018, proving that SMBs are just as vulnerable as a larger and enterprise level organisation.
Maybe you think your SME has nothing of value to a cyber-criminal, so basic IT security measures are enough? Unfortunately, not. According to the Cyber Security Breaches Survey 2018, a staggering 44% of small businesses have been victims of cyber-attacks in the past 12 months. Despite smaller organisations not having the large-scale amounts of data that bigger organisations have, they still contain valuable business data, such as employee and customer information (that could be used for identity theft crimes). It is also common for the breach of smaller organisations to act as a gateway to larger companies via unprotected connections.
That said, basic prevention methods such as a firewall, antivirus, maybe even the use of two-factor authentication, are – whilst good measures – not enough.
Convince me. How could a cyber-criminal target me?
Inadequate cyber security measures can contribute to SMBs being more vulnerable, and often considered by attackers, as softer targets. Hackers commonly utilise the “spray-and-pray” attack technique, which involves setting up automated systems to randomly infiltrate businesses. Such attacks are so random that they create a threat environment that is very aggressive. Paired with uneducated employees, this form of attack can be extremely effective at creating detrimental outcomes for all kinds of organisations. Why? Well, unsurprisingly the number one tactic for hackers to gain access to smaller organisations’ networks is through email. As you can imagine, even a user in a small organisation (less than 250 employees) will receive countless emails daily, some of which are likely to be phishing that will reach their inbox – despite active spam filters in place. Verizon’s 2018 Data Breach Investigations Report found that 92% of malware is delivered via email. Moreover, according to Symantec’s 2018 Internet Security Threat Report, 88% of malicious emails use malware-laden attachments to trap their victims. So, it’s important that all employees are educated on what to look out for and what actions to take when faced with inevitable phishing emails. Failing to implement simple measures such as this, no matter how many employees you have in your organisation, it only takes one wrong click to compromise a business and cause devastating damage.
Even for a small organisation the costs of a cyber-attack can prove fatal. According to Ponemon, SMB’s incur nearly four times the per capita cybercrime costs of largest firms. Not only that, theft of customer information can cease operations or even put a company out of business. Ultimately, a single incident that damages a firm’s reputation or brand can result in unrecoverable losses. That being said, to help reduce the risk of a cyber-attack, it’s important to make cyber security everyone’s responsibility and create a positive cyber security culture within your organisation.
Unfortunately, although malicious emails remain the most common method of attack, this may only be the starting point. As a result, even smaller organisations are becoming more serious about upgrading their protection and crucially educating their employees on the ever-evolving cyber threats. Ultimately, poor protection paired with uneducated users make any business susceptible to a cyber-attack, regardless of their size.
It’s never too late to start implementing measures to help prevent a cyber-attack. Take a look at some simple, cost-effective, top-tips below:
- Ensure you have the right basic measures in place to protect your devices and network. Deploy a firewall, VPN and antivirus software to ensure your network and endpoints are not vulnerable to cyber-attacks.
- Educate your employees on the ever-evolving cyber threats. This means regular, relevant and engaging training on cyber topics, as well as best practice measures. Make everyone in the organisation responsible.
- Conduct a risk assessment specifically tailored for your organisation and shape a security strategy around this. Understand the potential security threats you could face and the impact they may have on your organisation.