For the average SME, cybersecurity can be a scary thing to think about. Without the funding, expertise or staff to throw a dedicated cybersecurity team at the problem, it is incredibly common for security to fall through the cracks when businesses are developing and growing at lightning speed.
Small businesses often don’t see themselves as a likely target, but when you look at the data, small businesses are breached at an alarmingly regular rate. – In fact, much more regularly than their larger counterparts. According to one of the UK’s largest insurers, 65,000 cybersecurity attacks target SMEs every single day. And, a small business in the UK is hacked about every 19 seconds.
There are millions of cyber crimes committed each year, far too many for under-resourced police forces to deal with. This effectively leaves businesses of every size wide open to attack.
The logistical effects of a cyberattack
There’s a dangerous perception among many SMEs that they are simply not worth attacking. This isn’t the right way to think about cyberattacks. It might not be immediately obvious why a cybercriminal would attack your business. Perhaps you don’t host much data or what you do have isn’t thought of as ‘sensitive’. However, the simple truth is that all data has value in the right – or wrong – hands.
The effects of a cyberattack can reach much further than just the loss of data. A cyberattack such as a ransomware attack or a DDoS attack could halt business functions, resulting in indirect loss of earnings via downtime or a situation in which you’re being extorted.
In addition to this, attacks based primarily on financial reward are increasingly common. A BEC (Business Email Compromise) attack, for example, has nothing to do with the data a business hosts, and everything to do with making sure staff are properly trained. In these attacks, hackers use social engineering tactics to impersonate a company employee – usually a member of the finance team or C-suite – in order to push through a fraudulent invoice payment or bank transfer, claiming to be from a supplier, contractor or partner. These attacks rely on busy or untrained employees missing the little details which give the scam away.
The reputational effects
Even more fundamentally than these issues is the loss of reputation. Most SMEs don’t have a global reputation they can dine out on. They live or die by their ability to retain and attract new customers based on a burgeoning reputation. And this reputation can be existentially damaged by a security incident. In the face of a breach or loss of important data, customers and partners may begin to lose trust in the business – the beginning of the end for an SME.
SME security and COVID-19: more important than ever
As a result of COVID-19 , we have had to change the processes by which we keep our systems and businesses safe. At the same time, businesses face a challenge to keep staff motivated, productive and safe while remote working. The inexperience of many SMEs in safe working and the scramble to adjust has created plenty of open doors for attackers which weren’t previously there.
Additionally, the immense psychological stress that the pandemic has ushered in has its own security impact. Concerns around job security, mental and physical health mean we’re mentally stretched further than ever before.
This presents attackers with a big opportunity. Criminality has always thrived in chaos. Whether this is the black markets that appeared during the Second World War, the illicit liquor trade ushered in by Prohibition in the United States in the 1920s, or cybercriminals working to exploit the anxieties around a campaign, times of increased stress and confusion always offer opportunities for crime.
The good news is that a lot of SMEs are excellently positioned for a remote working set-up, being more likely to have a flexible and agile workplace than your average multinational corporation. A recent case study with LegalEdge found that some SMEs had seen virtually no difference in remote working and their security posture, as many were almost totally remote before COVID-19.
This gives SMEs a unique opportunity moving into 2021 and beyond. Unlike many of their larger counterparts, SMEs are ready for a world in which remote working is the norm. With many employees reluctant to return to a traditional office environment, this makes SMEs an attractive proposition for talent.
We’ve already seen how the pandemic has impacted working practices and, even with the hope vaccination brings, we’re unlikely to return to the office for a long time, if at all. So, for SMEs, this is a great opportunity to sell themselves as the workplace of the future.
However, it also means cybersecurity must remain a top priority. A fast transition to remote working without security at the forefront risks making your business vulnerable.
The use of unsecured networks and endpoints, the fusing of home and work devices and the lack of control offered by the traditional office environment are all issues that need addressing.
As we enter the peak of the second wave, now is the time for SMEs to take a deep breath, take stock of their security and address any issues. But it’s about so much more than a cursory check of your firewalls and anti-virus software.
Transforming your culture, so security is a constant rather than an afterthought, won’t just protect your business. It’ll also help build trust with customers, partners and prospects by demonstrating you’re serious about protecting their data. As awareness of cyber threats grows and with it the demands of your customers, this can only give you a competitive advantage.
COVID-19 has deprived all of us of so much. However, it’s also a fantastic opportunity to reset. There’s never been a better time to review the way your business approaches cybersecurity, so why wait?