A cursory look at the cybersecurity landscape in 2017 throws up some of the biggest names in their respective industries. From Uber to Yahoo to Equifax to India’s Zomato and lots more, it seemed even the biggest companies in the world, despite their standing and financial heft, didn’t have means to defend themselves against this new menace.
But should network administrators and founders of startups or other small and medium-sized enterprises (SMEs) rejoice? Should they feel that cyber criminals will only attack the big guns and not worry about other smaller, insignificant players?
The answer is clear: a big and resounding no.
Waking up to the danger
Network administrators should consider the other aspect as well. The criminals don’t really care who they hit and in most cases, SMEs and startups make for an easier and better target. For one, smaller business will not have the financial resources of a financial giant and hence may not invest as much in security, hence meaning that their security measures for an impending attack may be low or even non-existent. Secondly, smaller firms will be much more desperate – even a small cyber attack has the potential to ground them and wipe them out completely, a fact which attackers will not be shy to utilize. They will be more willing to pay the ransom rather than bigger companies.
But are smaller businesses waking up to the fact that they are targets for cyber attacks? It does not seem so – a survey by the United Kingdom government and KPMG among 1,000 small business in the country threw up worrisome statistics: only 23% of small businesses felt cyber security was a top security concern while 29% of businesses who had not experienced a breach felt they would suffer reputational damage. Another worrying statistic arrived from the 2017 Verizon Data Breach Investigations report: at least 61 percent of the hacked industries and enterprises functioned with a smaller workforce, i.e. not even 1,000 employees.
A financial risk
And if SMEs need more reasons beyond just the security of their company, here is a financial one for the ones operating in the European Union. The year 2018 will see the General Data Protection Regulation come into effect from May 25 onward in all EU countries. As per the terms of this regulation, organizations violating the regulations may be fined up to 2-4% of their global annual turnover, depending on the violation. Small businesses are likely to be the worst affected of this provision. Bigger business will have huge budgets and may be able to tide over these fines but a small business is likely to get crippled. And hence, it’s extremely important that founders and administrators of small business negate this problem by setting up strong security measures.
So what are some steps in which small businesses and startups can implement effective cybersecurity? While SMEs may have resource constraints, it is important to take judicious and smart steps. A few measures which SMEs can employ are:
- Accept the risk: The first step is acceptance. A small business or startup cannot think they are not “important enough” to be attacked. The point has already been made, but to reiterate – no one is safe and possibly, SMEs are at greater risk. By accepting that they too are at a risk, a small business takes an important, first step and opens their mind to solutions.
- Risk assessment: The next step for a SME is to do a proper risk assessment. This is even more important for small business and startups as it allows them to understand what parts of their organization are under the greatest risk and prepare accordingly. Since resources need to be allocated much more carefully, a small business can draw up plans to invest more resources into areas of higher risk.
- Train employees on cyber security: With fewer employees, SMEs can actually invest in training their workforce which will be a big step in bolstering their defence. While larger companies with bigger workforces may find this step difficult, SMEs can train their employees about the importance of strong passwords, phishing scams, ransomware and malware attacks and how to prevent them.
- Invest in strong endpoint security solutions: SMEs have to think proactively before investing in a security solution. However, this is not a choice, it is a compulsion. SMEs must evaluate the options they have and choose the solution which best fits their requirements. They can consider Seqrite’s Endpoint Security (EPS) solution which integrates innovative technologies like Anti Ransomware, Advance DNA Scan, Behavioural detection system and others.