Cybersecurity for SMEs – Who, What, Where, When, Why and How?
Cybersecurity is a growing concern for businesses of any size. However, it’s often assumed that only the big companies are targeted by scammers, fraudsters and hackers. This is a false impression, and it results in many start-ups and SMEs putting cybersecurity on the backburner.
When it comes to cyber threats to SMEs, the data speaks for itself:
- 60% of all cyberattacks or breaches are aimed at SMEs
- 68% of SMEs do not have a systematic approach for ensuring cybersecurity
- 60% of SMEs that were victims of cyberattacks did not recover and shut down operations within six months
As a business, and regardless of your size, your customers and partners trust you with their data and expect you to be secure. So, where do you start?
The right way for any SME to improve its cybersecurity is to recognise the who, what, where, when and why of cybersecurity. So, let’s get started.
The Who – Who poses a threat to your data?
Business data which is confidential or sensitive in nature has potential value. Consequently, as with any tangible item with value, it is vulnerable to internal and external threats.
Internal threats – These originate from the people who work in or interact with your business. Think current and ex-employees, vendors, suppliers, consultants. Whilst their intent may not always be malicious, the results can still be destructive: accidental deletion of key records, or acceptance of a bad email attachment which ends up downloading a virus or malware into your business network.
External threats – Cybercriminals who intentionally intercept and steal data. These threats may originate from global, national or local sources and can be carried out by individuals, organisations or even state-sponsored actors.
The When – When should you step up your cybersecurity?
Immediately. The longer your business isn’t protected, the more vulnerable you are to cyberattacks and the more it could cost to mitigate potential threats.
SME owners who want to improve their cybersecurity can start by assessing the current state of their IT systems, website and data storage.
They can then put together a list of potential risks and threats, both internal and external to their organisation.
The Where – Where is your data vulnerable?
Your data is vulnerable all the time. Essentially, it is vulnerable on every laptop, smartphone, tablet, desktop computer and networked device, as well as on servers, routers and more.
Any IT system or application which manages, stores, transmits or manipulates data can be a potential entry point for a cybercriminal.
The Why – Why should you put cybersecurity measures into place?
Your customers, partners and suppliers trust you with their data. That trust is undermined if cybercriminals access the data whilst it is in your care. Your business brand and reputation could be severely impacted, costing you sales as well as money to repair the damaged relationships.
There is also legislation for privacy and data protection. For example, for any violation of the European Union’s General Data Protection Regulation (GDPR), SMEs can be fined up to €20 million, or four per cent of their global annual revenues – whichever is higher.
For SMEs that accept credit cards for payment, the PCI-DSS framework has been introduced by a consortium of credit card merchants, to encourage cybersecurity best practices and protect against credit card data breaches.
Whilst PCI-DSS is not part of UK legislation, you may find your merchant account facilities are hampered or even withdrawn if it transpires you have failed to adhere to the framework.
Finally, SMEs hoping to fuel their growth through government contracts should be aware that as of October 2014, all SMEs must be Cyber Essentials certified when bidding for UK Government contracts.
The How – How can you protect your business from cyberattacks?
People are the key to SME cybersecurity. Comprehensive employee training and awareness will ensure that your staff are aware of potential attacks and how to handle them.
With the size, breadth and complexity of threats you can face as a business, the concept of cybersecurity can be daunting. Our cybersecurity guide for SMEs will provide valuable insight for improving cybersecurity for your organisation.