
Why your SME is an attractive target for cybercriminals, and what can you do about it?

November 9, 2022

The pandemic has changed the way we do business forever. Companies globally adopt cloud-based solutions to enable remote and hybrid work and embrace new growth opportunities. Unfortunately, the new possibilities come at a cost. Moving to the cloud without the necessary security measures exposes businesses to cyber threats such as social engineering, malware, or ransomware attacks. 


It’s a common myth that large companies with high turnovers and big budgets would be more attractive targets for cybercriminals. In reality, it is quite the opposite. Research shows that over 43% of all cyber-attacks target SMEs and that accounts of CEOs and CFOs of small companies are twice as likely to be taken over compared to average employees.


Lack of awareness


One of the main reasons why small and medium businesses fall victim to cybersecurity attacks is a lack of awareness. Unaware of the scale of the potential danger and its source, SMEs often don’t put any protection measures in place. The data speaks for itself, with over 60% of all SMBs suffering from at least one cyber-attack in 2020.


According to Barracuda, email protection specialists, more than half of small business owners think it is unlikely their company will be a victim of a cyber-attack. 6% think it will never happen. Their recent report shows that small businesses are three times more likely to be targeted by cybercriminals than larger companies and that an employee of a small business with fewer than 100 employees will experience 350% more social engineering attacks than an employee of a larger enterprise.


No budget


This lack of awareness, in turn, impacts the decision-making process and budgeting of small and medium businesses, with many SMEs not even considering including cybersecurity costs in their planned expenditures. Small companies may struggle to justify the cost of cybersecurity software and training if they’re not aware of the scale of danger. 


A Cyber Security Magazine study found that 83% of SMEs are not financially prepared to recover from a cyber-attack. Out of those who have budgeted for any required recovery, most business owners focused on recovering earnings and hardware and software costs. Fewer than 10% account for reputation management, customer service or having sufficient funds to cover legal fees, should the customer sue.



No prevention measures


Another, perhaps the most significant, issue that stems from a lack of awareness is the lack of preventative measures in place. SMEs rarely invest in basic safeguarding measures like having a security policy or cybersecurity awareness training for their employees. Sharing passwords and not managing permissions are typical bad habits for many small and medium businesses.


When it comes to dealing with the aftermath of a cyber-attack, 54% of SMBs do not have an incident plan in place, with 20% stating that they would react if and when an incident occurred. 


Knowing how to safeguard your people and assets, avoiding exposing your business to threats like data breaches and phishing attacks, and being prepared to contain and respond to an attack, should it happen, can save your business time, money, and reputation. 



What can you do?


You can never get a hundred per cent guarantee that a cyber-attack won’t happen to your business, but the more scenarios you’re prepared for, the higher the chances of the attack having little to no effect on your business stability. 


Here’s a list of some basic things you can introduce in your company to tackle the threats:


Manage your users’ permissions. Ensure the right users have access to data essential for seamless work and decide who can edit, export, or delete files and records. 


Have all your software patched up and up to date. Managed cloud infrastructure is a perfect solution that ensures your apps, systems, and policies comply with the latest improvements. We would also suggest having a smart, responsive security layer to monitor your cloud or hybrid IT environment for suspicious activity and any incidents 24/7.


Back up all your data on a regular basis. Irrespective of what threats your business has to deal with, whether it’s a lost laptop or data breach, having a backup always gives you additional peace of mind.


Educate your users. 95% of cybersecurity breaches are caused by human error. Cybercriminals prey on unaware users who click a link in a shady email, share confidential data online by mistake, or use an infected device. Cover your bases and ensure your employees know how to behave in each situation.


Enforce password policies, security policies or multifactor authentication. Single sign-on, biometric and passwordless logins are only some of the solutions you can implement to ensure only your users can access company files. It can be tricky to achieve the sweet spot where it’s difficult to log in for a bad actor, yet your users can easily access whatever they need to work effectively. Talk to a cybersecurity expert to ensure you hit it. 


Always anticipate attacks with incident response plans. Have a detailed plan and know how you’ll contain the attack and mitigate the damage. Ensure all your employees are aware of the plan and know what to do and whom to talk to if they spot anything suspicious.


Talk to an expert. We realise that implementing all the steps and finding the right software, solutions and training providers might be overwhelming, especially when you’re running the business at the same time. Instead of spending your time and money on upskilling and research, contact us at +44 1273 443644 to find a bespoke solution that suits your organisation.

