Cybersecurity isn’t a priority for SMEs, Right? Change Your Strategy!

Authors: Salah Albenjasim, PhD Researcher, Prof Haifa Takruri, Dr Tooska Dargahi

An SME business owner might reason along the lines of: “No one needs our data since we’re such a small business and we’re not generating hundreds of millions of dollars in profit here.” Much like leaving your front door unlocked all day while you head off to work, the longer you ignore the problem, the more likely it is that cyber attackers will target your firm and gain access.

Cybersecurity and your small business are interlinked because of the impact of culture. Cyber security statistics show that 43% of cyber-attacks target SME businesses, and 60% of the SMEs that fall victim to a cyber-attack go out of business within six months. Moreover, cybercrime costs SMEs more than $2.2 million a year.[1] Cyberattacks against many SMEs can be traced back to a single click on a link in an email message. Even if you have the most up-to-date cybersecurity solutions, they may not be enough. So, what can a small business do to rise to the challenge?


[1] https://www.fundera.com/resources/small-business-cyber-security-statistics

Cybersecurity culture

Examining your company’s cybersecurity culture is critical when implementing new control measures. How do people feel about making changes, and how do they feel about cybersecurity? Is the company’s leadership willing to support cybersecurity to ensure its success? A cybersecurity culture needs commitment, an overall view, and a lot of work to succeed. Following the advice in the NCSC’s Small Business Guide will significantly increase your protection from the most common types of cybercrime.

Staff attitude

There’s no doubt that people shape business culture. In light of this, how do your staff like to learn, how do they perform at their best, and what do they enjoy? They may be drawn to a stable and predictable environment, as well as to straightforward and open communication. Therefore, while implementing a new cybersecurity programme, it is essential to convey the company’s core values to every employee from day one. These values should illustrate what matters most to your team and the security principles you’ll seek to maintain as you grow. Promoting secure values to the whole team can foster a good work environment and inspire people to take shared responsibility for protecting your firm.

Defined operation

Emails from fellow workers asking for employees’ details, or those advising that your bank information needs to be updated because a system is being changed, may be phishing emails attempting to pass as legitimate business correspondence. If there is no robust procedure in place that clarifies how the business operates, employees are more likely to fall victim to these frequent phishing emails. Scammers send fake emails to thousands of individuals seeking sensitive information (such as bank details) or containing links to malicious websites. They might be attempting to deceive users into transferring money, to steal personal information to sell on, or to gain access to a company’s data for political or moral purposes. The cybersecurity culture will be shaped in large part by the policies that are in place. Employees are expected to meet the standards outlined in the company’s cybersecurity guide and to understand what information they should handle. Five quick and easy steps outlined in the NCSC’s SME guide could save time, money and even your business’s reputation.

Technology literacy

Technological developments are vital. Having cyber-secure technologies may help reduce the risk of cyberattacks. However, technology alone will not make staff truly productive and secure unless they are properly trained in how to use it. Introducing too many new technologies at once can be stressful. Employees appreciate stability and consistency while they are being trained, so this should be considered when adopting new technology.

Cyber risk assessment

Risk assessment helps companies discover, manage, and safeguard the information that may be at risk from cyber-attack. To safeguard the business’s assets, this analysis needs to be done to identify resources, evaluate risks, and devise a strategy for establishing security measures. To avoid or reduce security incidents, it is critical to identify and mitigate security risks. Recognising an organisation’s weaknesses gives a better view of where to concentrate protective efforts. You may also review and adopt one of the cyber risk assessment frameworks and standards, such as NCSC[2], NIST[3], ISO 27001[4], COBIT[5], Cyber Essentials[6], etc. These are documented techniques that aim to safeguard the business cyber environment and to lower cyber risks and attacks. They include tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies.

[2] https://www.ncsc.gov.uk/

[3] https://www.nist.gov/cyberframework

[4] https://www.iso.org/standard/73906.html

[5] https://www.isaca.org/resources/cobit

[6] https://www.ncsc.gov.uk/section/products-services/cyber-essentials