Posted on November 28, 2015 By admin
High-profile cyberattacks on big businesses are sure to make the headlines. But smaller businesses aren’t immune from the threat of cybercrime. They often hold information that’s attractive to attackers, yet they can’t afford the sophisticated security measures available to larger organisations.
Cybercrime is an equal opportunity field and hackers will attack any size of company if the rewards are sufficiently lucrative. Of course, credit card and bank details are the most sought-after targets, but even email addresses can prove valuable as source material for spam and phishing campaigns. Indeed, any personal details can provide opportunities for identity theft.
Figures from the Small Business Committee in the US suggest that over 70 percent of cyberattacks are against organisations with fewer than 100 staff. Simply holding information about customers and employees can make a business vulnerable to attack. In addition, the large number of smaller enterprises gives criminals a target-rich environment. With so many to choose from, the chance of finding a company with lax security becomes higher.
It’s also important to consider the risk from outside the company itself. Big corporations will have the resources to examine the security practices of their suppliers and contractors; small businesses often don’t. It’s crucial to be aware that security needs to be in place at all levels of the supply chain, from ordering raw materials to selling the finished product.
Systems are increasingly interdependent, so a vulnerability in a supplier’s procedures can lead to loss of information via the back door. Investigating and resolving such a leak will require the use of specialist resources which smaller businesses generally won’t have available in-house.
A further indirect risk arises from the increasing popularity of cloud services. Many organisations see the cloud as a way of making cost savings on their IT systems. However, they often assume that the cloud provider will be taking care of security and therefore neglect to take precautions themselves.
When we talk about cybercrime, we often think of attackers penetrating a system from the outside. In fact the greatest risk is often internal. In rare cases disgruntled employees may deliberately leak data, and smaller companies are no more immune to this than large ones.
There’s a bigger risk of users falling prey to phishing attacks. Businesses of all sizes are increasingly being targeted by fake invoices and other emails looking to trick staff into making payments, or into installing viruses that can be used to steal data.
Smaller companies will often allow staff to use their own smartphones and tablets for work too. This leads to additional risk unless there’s a policy in place to protect business data and approved security software is installed.
There’s little doubt that smaller businesses have to take seriously the need to protect themselves against cybercrime. This means putting security measures in place to protect servers, cloud systems and endpoints.
Small businesses have the ultimate in secret weapons that the big companies often don’t have: high employee engagement. Businesses that engage employees and provide sufficient cybersecurity awareness training not only create a stronger feeling of loyalty within their employees, but also significantly improve the company’s cybersecurity posture.
Companies need to ensure their staff are trained to spot threats. In addition, they should have a policy in place to deal with BYOD and with the threat of lost or stolen mobile devices. Insuring against the potential losses from cybercrime is increasingly popular too.
It may seem that guarding against cyberthreats is costly and time-consuming, but for any size of organisation the cost of ignoring it could be even higher.