Cybersecurity and its relevance to small and medium sized businesses (SMEs)

12 Dec 2022 img

Cyber security is an important part of business operations. It is a process of protecting an individual or organization from cyber attacks. These attacks can target the individual or organization’s computing, network, database, and other IT infrastructure and systems

Allianz has reported that in 2022, cyber attacks are the biggest concerns for most businesses, more than business or supply chain disruptions or even natural disasters such as the most recent pandemic that devastated the world in all sectors.

While many have assumed that cyber attackers mostly target large companies and organisations, however, it has been observed that hackers do not simply consider the size of an organisation before targeting that organisation. They focus more on finding vulnerabilities in the organisation’s system and exploiting them.

Small and medium sized business have become easy targets for hackers due to their lack of or meagre cyber security resources for some and false assumptions for others that believe that they are not under the radar of hackers due to their size. According to Accenture, 46% of cyber attacks were targeted at small businesses.

The fatality of these attacks have also not gone unnoticed as a report by Business Australia shows that 60% of small and medium size businesses close down within 6 months of being attached. IBM also reported that data breaches cost small businesses over $3 million per incident.

So, whether you are a startup with around two years of operations under your belt or you have been in the business for quite some time, it is now essential to have a cyber security strategy for your organization.

Common Types of Cyber Attacks on Small and Medium Sized Businesses

A survey by Ponemon Institute in 2020 revealed the most common cyber attacks experienced by businesses:

  1. Credential theft: This occurs when hackers steal login credentials to access services or privileged user and company data.
  2. Phishing and social engineering: Phishing is the act of stealing personal information by pretending to be a trustworthy entity. While social engineering is the art of manipulating people into performing actions or divulging confidential information.
  3. Account takeover: This involves gaining complete access to user accounts, similar to social media account hacks.
  4. General malware: This includes viruses, trojans, spyware, etc.
  5. Denial of service: This involves locking users out of the platforms they use to access certain services.

Developing a Successful Cyber security Strategy

The UK’s National Cyber Security Centre (NCSC) recommends a ‘three pillars’ approach to cyber security. They include:

  • People
  • Processes
  • Technology

Summarily, training people on best practices for cyber security, having clear processes and the right technology in an organization is an effective primary defence against cyber attacks.

An article by the Royal Bank of Scotland breaks down these 3 pillars that were recommended by the NCSC.

  1. People:

    The staff are often the first and strongest line of defence, as this is the first link hackers try to target. Training your staff to immediately identify the signs of a cyber attack or scam could save you a lot of time, effort and resources as it could be dealt with before it takes root in the organisation.

    Emails, for example are very important in day-to-day operations of an organizations, and hackers use this the most common form of attack by sending emails that are designed to look very familiar or from a popular and trusted brand. It is very important that your staff are prepared to tacke this.

  2. Processes: Ensure that you have the right procedures in place for reporting and dealing with suspicious activities.

    Even with the best training in place, mistakes can still happen. This is why having a simple and straightforward process for reporting and dealing with suspicious activities is very important. This can help in reducing the damage caused by an attack if and when it is suspected.

  3. Technology: Tools are available to make your organisation’s online security easier.

    Technology plays are very important role in your overall cuber security strategy. Spam filters, for example, have proven to be very effective against spam emails from hackers. There are also website security tools, password managers, encryption tools, database management security tools, server security tools, etc., that are available for your organisation.

    At Modus Lights, our ultimate goal is to help your organization jealously and securely protect your data and environment, while making sure the appropriate users have the required data and tools to optimally do their jobs.

Contact us today to protect your business online.