Highlights:

1. Installing IT security measures and antivirus software on all devices ensures data protection.
2. Implementing multi-factor authentication strengthens organizational security at a reasonable cost.
3. SMBs should align cyber policy, procedures, and product selection to address evolving threats effectively.

With most small and medium-sized businesses (SMBs) around the world still operating on a hybrid format, protecting company data is more important than ever.

In the digital age, there is a high price on personal data, and with the personal information SMBs have collected from their employees and customers — simply through email chains alone — employers have a responsibility to keep that information safe from data breaches. Threat detections are up 20 percent year-over-year, and web threats have risen by 28 percent. With Outlook login phishing forms sent via email rising by 68 percent, it is high time to take action.
 

Furthermore, according to new data from a recent survey conducted by ESET, a cybersecurity company, 74 percent of SMBs in North America and Europe believe that they are more vulnerable to cyberattacks than bigger corporations. While these decision-makers are concerned about the possible implications of an attack – most notably loss of data, financial impacts and loss of customer confidence and trust – seven out of every 10 businesses surveyed admitted that their investment in cybersecurity has not kept pace with recent changes to their operational models (i.e., hybrid working).  

The survey also identified the top three challenges identified by SMBs in North America:

1. An inability to keep up with the latest cybersecurity threats;
2. Keeping up with the latest cybersecurity approaches and technologies; and
3. Budget limitations/lack of investment in cybersecurity

But we are at a point where SMBs can no longer afford to ignore cybersecurity, and they should be taking the following steps to protect their data and that of their customers.

Perform a Risk Analysis  

We sometimes see a disconnect when people are not fully aware of the threats their organizations face from cybercriminals. Any organization that is serious about cybersecurity should perform a risk analysis to determine both what digital assets are at risk and the level of risk they face. If a firm is not aware that criminals can sell its customer and employee data for good prices on black markets with little chance of arrest or make money by renting out its hijacked servers for use in malicious activities, then that company is probably underestimating its cyber risks.

Educate Employees on Cybersecurity

Unfortunately, SMBs are not familiar with the concepts of ransomware, social engineering and two-factor authentication, even though these are hot topics in cybersecurity right now. Given how important SMBs are to the local, national and international economies, the implications of a hack are serious — many of them would be unable to function for more than a few days without access to their data, and some would have to cease functioning immediately. An encouraging 88 percent of employees place a strong emphasis on “training on your company’s IT security procedures.” Yet much work remains to be done.

Have a System in Place for Backing Up Company Files

Until you are hit with ransomware or suspect insider malicious activity, it is hard to realize just how important effective backups are. Some software suites even give you the ability to replay file deletion, copy, or exfiltration for some extended period of time, in case one of your employees or contractors steals information. Companies do not need vast enterprise-level offerings; they can start simple and grow over time, if need be. The main thing is having something.

Have IT Security and Antivirus Installed on All Devices

This is the most basic security measure a company can take to protect employee and customer data, and most employees would agree. This is also a method of making employees feel safe with their client's information, and their own, for what is usually an inexpensive solution.

Multi-factor Authentication

Whether using hardware tokens or credential management software, this is cheap, and anyone can do it. USB security devices, for example, are less than $50 and are very good these days. Same with software that provides similar functionality; it does not cost much and will harden your organization significantly. And the software these days is far easier to understand – you will not need a postgraduate degree in cryptography to push a few buttons to make it work.

With clear evidence that the risk of cyberattack increases with revenue growth, there is a definite need for SMBs to keep improving their awareness of threats and their ability to deflect them. And there is plenty of room to better align cyber policy, procedure, and product selection with the full range of threats because the threats are unlikely to diminish any time soon.

Author Bio

Tony Anscombe is the Chief Security Evangelist with ESET. With more than 20 years of security industry experience, Tony is an established author, blogger, and speaker on the current threat landscape, security technologies and products, data protection, privacy and trust, and internet safety. His speaking portfolio includes industry conferences RSA, Black Hat, VB, CTIA, MEF, Gartner Risk and Security Summit, and the Child Internet Safety Summit.

Error: No such template "/CustomCode/topleader/category"!