Cybersecurity for SMBs – Who, What, Where, When, Why and How?

1,030
Cybersecurity SMB
Image Credit: BeeBright / Getty Images

Cybersecurity is a growing concern for businesses of any size.  However, it’s often assumed that only the big companies are targeted by scammers, fraudsters and hackers. However, this is a false impression, which results in many start-ups and SMBs putting cybersecurity on the backburner.

When it comes to cyber threats to SMBs, the data speaks for itself:

Cybersecurity is a growing concern for businesses of any size.  However, it’s often assumed that only the big companies are targeted by scammers, fraudsters and hackers. However, this is a false impression, which results in many start-ups and SMBs putting cyber security on the backburner.

When it comes to cyber threats to SMBs, the data speaks for itself:

  • 60% of all cyberattacks or breaches are targeted at SMBs
  • 68% of SMEs do not have a methodical approach for ensuring cybersecurity
  • 60% of SMEs who were victims of cyber attacks were unable to recover and closed operations within six months

Source: SMESEC Consortium

As a business, and regardless of your size, your customers and your business’s partners expect you to be secure and trust you with their data. So, where do you start?

A good way for any SMB to improve their cybersecurity is by recognising the who, what, where, when, why and how of cyber security.

The Who: Who is a threat to your data?

Business data which is confidential or sensitive in nature has potential value.  Consequently, as with any tangible item with value, it is vulnerable to internal and external threats.

Internal threats – originate from the people who work in, or interact with your business.  Think current and ex-employees, vendors, suppliers, consultants.  While their intent may not always be malicious; the results can still be devastating – accidental deletion of key records or acceptance of a malicious email attachment which ends up downloading malware on to your business network.

External threats – Cybercriminals who intentionally intercept and steal data. These threats may originate from global, national or local sources and can be carried out by individuals, organisations or even state-sponsored actors.

The When: When should you improve your cyber security?

Immediately.  Your business’s vulnerability to cyber attacks increases the longer your business isn’t protected.  Delaying improvements in your cyber security could also end up costing more to mitigate against potential threats.

SME owners desiring to improve their cybersecurity can start by assessing the current state of their IT systems, website and data storage.

SMEs can commence by putting together a list of potential risks and threats internal and external to your organisation.

The Where: Where is your data at risk?

Your data is at risk all the time. Essentially, every desktop computer, laptop, mobile device, and networked device (servers and routers).

Any IT system or application which manages, stores, transmits or manipulates data can be a potential entry point for a cybercriminal.

The Why: Why should you implement cyber security measures?

Your customers, partners and suppliers trust you with their data. That trust can be undermined if cybercriminals access the data whilst it is in your care. Your business brand and reputation could be severely impacted and cost you sales and money to rectify and repair the damaged relationships.

There is also legislation for privacy and data protection. Violation of the GDPR  (General Data Protection Regulation), can see businesses fined up to €20 million, or four per cent of your global annual revenues.

For SMBs that accept credit cards for payment, the PCI-DSS framework has been introduced by a consortium of credit card merchants, to encourage cybersecurity best practices and protect credit card data breaches.

Whilst not part of UK legislation, you may find your merchant account facilities are hampered of even withdrawn if it transpires you have failed to adhere to the PCI-DSS framework.

Finally, SMBs hoping to fuel their growth through government contracts should be aware that as of October 2014, all SMBs must show be Cyber Essentials certified when bidding for UK Government contracts.

The How: How can you protect your business from cyber attacks?

People are the key to SMB cybersecurity.  Comprehensive employee training and awareness will ensure that your staff are prepared for any potential attacks and aware of how to handle them.

The concept of cybersecurity can be daunting, particularly when your consider the breadth and complexity of threats your business can face. Our cybersecurity guide for SMBs will provide valuable insight for improving cybersecurity for your organization.

You might also like