Cyber Security For SMEs

Uploaded on 2020-11-10 in NEWS-Cybersecurity News, FREE TO VIEW

Small and Medium Enterprises (SMEs) are widely acknowledged as playing a critical role in the economy, and yet they are also potentially more at risk of cyber attacks than larger enterprises. With increasing digitalisation and remote working due to Covid-19, the ability to tackle cyber risks is key to ensure that SMEs can benefit from a digital economy is very important.

Cyber criminals target SMEs as many don’t have robust security measures in place and lack the technical resources  to carry out a cyber security audit to identify weaknesses. 

The UK Government Cyber Security Breaches Survey 2020, reveals that many businesses are confused about audit best practice, supplier risks and the reporting of breaches. Half of businesses say they have carried out an internal or external audit in the last 12 months, but the quality of the audits varies greatly. In some cases, external audits were more financial based and only touched upon some aspects of cyber security. 

Cyber security is the means by which individuals and organisations reduce the risk of becoming victims of cyber-attack. A hacker will frequently use a phishing e-mail to infiltrate the SME’s network, it’s all done via targeted spear phishing e-mails. 
Hackers find it easier to hack smaller organisations, employees have had less cyber training and are more likely to click on the e-mails, as they misunderstand phishing threats. Whereas employees in the larger corporations are less likely to be hacked as education about the dangers of phishing attacks has usually taken place.

Another core function is to protect the devices like smartphones, laptops, tablets and computers, and the services that are accessed, both online and at work. It’s also about preventing unauthorised access to the vast amounts of personal information that are stored on devices and online.

Around 65,000 cyber-attacks are attempted on UK SMEs daily, with about 4,500 of them carried out successfully, according to Hiscox. 

This means that every 19 seconds, one SME in the UK is suffering from a cyber breach/attack and a survey by cyber insurance firm Gallagher reported that at least a third of businesses admitted that if they suffered a breach and were unable to continue to trade, their business wouldn’t be able to survive for more than a month.

SMEs are already dealing with difficult challenges and the last thing they want to think about is cyber security. However, with the sudden change in work practices as a result of the Covid-19 pandemic, cyber criminals are taking this opportunity to exploit SMEs poor security and attack them when they are at their most vulnerable. 

This is why investing in cyber security has never been more important, according to Britain's Police Digital Security Centre.

Today, most businesses have a website, store important digital information within their system or the cloud, This can include personal/financial data, intellectual property, use online banking and usually equip their staff with work devices (phones, computer, USB drives). If these devices and network systems are not secured properly and left vulnerable, an organisation can fall victim to a cyber-attack. The effects of such a breach can be devastating, resulting in financial, personal and material loss, which could leave the business fighting for their very existence. 

The Police Digital Security Centre believe that education and awareness is the most effective way of reducing the vulnerability of small businesses to the most common types of cyber-crime. By making simple changes within your organisation and reviewing those cyber security measures on a regular basis, can help you prevent an attack or breach. For example, ensuring that you have a strong password policy, training your staff how to spot phishing emails and encouraging good cyber security practices within your business, are all steps SMEs can take to strengthen their cyber security posture.

Good cyber security will benefit every aspect of your business and strengthen your capability to respond and recover more effectively. In case of a breach, you are able to keep disruption to a minimum, recover more swiftly to ensure business continuity and reduce your overall financial, data and reputational loss that could otherwise be crippling to your business. 

Additionally, by understanding your exposure to risk and putting into place simple control measures demonstrates to customers, staff, stakeholders and suppliers how important the security of their information is.

Five  Cyber Security Tips for SMEs:

1. Strong password policy – To prevent unauthorised access to your device use a strong password for all devices and social media accounts (e.g. such as a passphrase of three random words). Change default passwords on all your devices upon initial installation (especially your Wi-Fi router at home or any IoT devices you may have!) and consider using password managers to store and protect your passwords. 

2. 2FA – Turn on two-factor authentication on all your accounts and devices, to ensure that your data and information is secure.

3. Software update – Set all your devices and apps to download and install updates automatically to ensure that any crucial fixes are not missed, which will reduce the risk of your devices being infected with malware. 

4. Back up – To safeguard your most important personal data and information, back them up to an external hard drive or cloud-based storage system to avoid any losses. 

5. Install Anti-virus – Install and activate anti-virus software on all your devices, preferably set it to update automatically. This will help you to run a complete scan of your system and check for any malware infections.

The most important thing to understand is that cyber security really isn’t that complicated to do and has a positive impact on how SMEs can conduct business securely. 

Business owners need to get proactive in understanding their security responsibility, failure to do so could result in a hefty fine, the termination of lucrative contracts and even risk personal liability. Commercially, if your business cannot show that it takes cyber security seriously, it risks falling at the first hurdle.

Police Digital Security Centre:   Professional Security:    CySure:     Business Leader:   Business Times:    ITWeb

For business specific cyber security information and training recommendations please contact Cyber Security Intelligence.

You Might Also Read: 

Critical Cyber Security Threats & Solutions For Business:

 

« Fake News Is A Big Problem For CISOs
The Five Best Ways To Secure Your Cloud Environment »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Ixia

Ixia

Ixia provides testing, visibility, and security solutions to strengthen applications across physical and virtual networks.

CSIRT.CZ

CSIRT.CZ

CSIRT.CZ is the National Computer Security Incident Response Team of the Czech Republic.

HID Global

HID Global

HID Global is a trusted leader in products, services and solutions related to the creation, management, and use of secure identities.

Secure Technology Alliance

Secure Technology Alliance

Secure Technology Alliance is a multi-industry association working to stimulate the adoption and widespread application of secure solutions.

Silicon:SAFE

Silicon:SAFE

Silicon:SAFE develops impenetrable hardware solutions that prevent bulk data theft during a cyber-attack.

Dreamlab Technologies

Dreamlab Technologies

Dreamlab specialises in securing critical IT infrastructures. We offer qualitative support and advice for managing your infrastructure and cyber security needs.

NITA Uganda (NITA-U)

NITA Uganda (NITA-U)

NITA-U has put in place the Information security framework to provide Uganda with the necessary process, policies, standards and guideline to help in Information Assurance.

Hacken

Hacken

Hacken provide a range of cybersecurity services including security assessments, blockchain security audits, and secure software development.

National Cybersecurity Competence Centre (NC3)

National Cybersecurity Competence Centre (NC3)

NC3 has been established in response to growing demands for practically applicable products and solutions for ensuring cybersecurity of critical and non-critical information infrastructures.

Griffiss Institute (GI)

Griffiss Institute (GI)

GI's primary role is to advocate and facilitate the co-operation of private industry, academia, and the Air Force Research Laboratory in developing solutions to critical cyber security problems.

SOC Experts

SOC Experts

SOC Experts is a pioneer (we started SOC training well before people realized how big the domain was going to be) and the only institution to provide end-to-end training on Security Operations Centers

Cytenna

Cytenna

Cytenna Signal is a suite of SaaS (Software-as-a-Service) products that use AI and machine learning to automatically aggregate the latest information about software vulnerabilities.

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

MTS-ISAC promotes and facilitates maritime cybersecurity information sharing, awareness, training, and collaboration efforts between private and public sector stakeholders.

Secret Intelligence Service (SIS - MI6)

Secret Intelligence Service (SIS - MI6)

The UK’s Secret Intelligence Service, also known as MI6, has three core aims: stopping terrorism, disrupting the activity of hostile states, and giving the UK a cyber advantage.

SessionGuardian

SessionGuardian

SessionGuardian (formerly SecureReview) is the world's first and only technology which ensures second-by-second biometric identity verification of your remote user, from log on to log off.

MDSec

MDSec

MDSec is a consultancy with a passion for information security. Our consultants specialise in application, mobile and hardware security and targeted red team attacks.