A report by Detica for the Cabinet Office estimates that cyberattacks cost the UK business community £21 billion annually. This is unsurprising considering that cybercriminals are deploying sophisticated and advanced cyberattack techniques regardless of business size.
The misconception that hackers may not be interested in organisations with little data or money has led small and medium businesses to pay less attention to cybersecurity, opening a channel for cybercriminals to penetrate these organisations’ network and systems to perpetuate their criminal activities.
Statistics reveal that small businesses are 60% more likely to be targeted for cyberattacks or breaches, compared to larger business, and in the UK, a small business is successfully hacked every 19 seconds.
While we rarely hear about cybercrimes on small and medium businesses, they occur frequently and are very costly – the average financial cost for small and medium businesses that lost assets and data from breaches is £12,920, with the most severe breaches costing as much as £310,800.
Cybersecurity for SMEs: Why should your business care?
Cybersecurity is the practice of protecting systems, networks, and programs from cyberattacks. Whilst the subject of cybersecurity can seem complex, having a basic understanding of cybersecurity is pertinent to the successful running of a business. Failure to protect your business can lead to financial, reputational, and even legal risks, small business or not.
Reputational Risk: A lack of cyber security policy can cause immense reputational damage to your business. Statistics show that 60% of small and medium businesses closed permanently after 6 months following an incidence of data theft or a data breach.
While some of your customers may choose to remain with you in the event of a data breach, there is a likelihood that most customers will take their business elsewhere. After all, who trusts a business whose lack of cybersecurity led to their identity being leaked or stolen?
Financial Risk: In addition to the reputational risk that a lack of cybersecurity can cause, there is the financial risk. The quantitative cost of a data breach may be easy to identify, measure and capture, however there are several other aspects many businesses overlook in calculating the impact and financial costs of a breach. An indirect financial cost, for example, can include loss of productivity, downtime, and loss of potential and direct customers.
Legal Risks: As with financial and reputational risk, the legal and regulatory risk of a data breach can be catastrophic. In recent years, we have witnessed an increased focus on industry standards and legislations that seek to protect both user data and the business from cyberattacks. A breach can result in termination of key services, or at the very least fines, all of which are guaranteed to severely restrict your organisation’s ability to conduct business and generate business revenue.
Protecting my business from cyberattacks
There is no one size-fits-all approach but certain best practices can drastically reduce the possibility of a cyberattack and keep your business safe. Here are 4 practices that will help to keep your business safe from cyberattacks:
Multi-factor Authentication: Multi-factor authentication verifies a user’s identity using multiple credentials. MFA can take many forms including password, smart card, pin code, facial or fingerprint scanner. It offers multiple layers of protection, making it very difficult for a cyber-criminal to access a device. If a cybercriminal steals one credential, they will still need to verify their identity in a different manner. The use of MFA can prevent more than 80% of attacks.
Regular security assessment and training: Do you have an information security policy? Do your employees have access to this policy and fully understand the required procedures, processes, and the potential consequences if the policy is violated. Does your policy include guidance for staff on how to handle sensitive information? Does it include password security controls, supplier, and vendor checks to ensure strict adherence to cybersecurity best practices? Do your employees understand how to identify, report, and respond to security issues. Do you provide employees with cybersecurity training at least once a year?
While policies may vary for different organisations, ensure that it covers the questions above.
Vulnerability Assessments: How frequently do you test your network and systems to identify potential security risks? Regular vulnerability tests provide you an opportunity to swiftly identify any risks such as unused open internet ports and remediate it before it is too late.
Attachment Sandboxing and Detonation: Attachment sandboxing is a technique that proactively detects malware by extracting an attachment from a message, running suspicious code in an isolated and safe environment, and monitoring the behaviour and output of the code. This prevents files downloaded from untrusted sources from gaining access to trusted resource or manifesting malicious behaviour that can impact users’ data and devices.
Tagging external emails: A common tactic deployed by cybercriminals is to send emails using the display name of someone within the organisation whilst using an external email. By tagging external emails, users are quickly warns of any suspicious message by including a caution notice for every email that did not originate from within the organisation.
Why choose Tivarri?
Small and medium businesses face more disadvantages when trying to protect themselves from cyberattacks when compared to their larger counterparts. This is largely due to factors such as lack of skills, resources, and staff. In a survey, 58% of responding Chief Information Security Officers felt that their small and medium businesses have a higher risk of attack when compared to their larger counterparts. 94% said that they have barriers in maintaining their security posture due to the increasingly remote workforce (37%), excessive manual analysis (37%), and a lack of skilled security personnel (40%), among other factors. A further 87% have difficulty managing and operating their threat protection products due to difficulty visualizing the full scope of an attack (42%) and overlapping capabilities (44%).
As a small and medium business, cybersecurity can seem too daunting due to its potential risks. Tivarri exists to take away this burden by providing managed IT security services as part of our IT solutions.
Tivarri’s Cranberry Cloud Hosted Desktop and Cranberry Desktop are designed from the ground up to be FCA and ISO 270001 compliant, the basis for due diligence, and meet key customer requirements including accessibility, remote working, enhanced security and data loss prevention. They include features such as multi-factor authentication, attachment sandboxing, application whitelisting, and regular vulnerability testing.
If you are considering improving cyber resilience for your small and medium business, we can work with you, advise you on a tailored cybersecurity plan and provide you with appropriate services that addresses your specific security risks. Contact us to get started.