Cybersecurity, Policies and Training

The Looming Cybersecurity Risk for SMEs

Cybersecurity is one of the top concerns globally for many today. Cyberattacks originate from both organized criminal groups and nation-states, and they target critical infrastructure, government agencies, and businesses daily. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) even issued a warning recently that Russia’s ongoing invasion of Ukraine could lead to increasing state-sponsored cyberattacks.

Several statistics show how dire the cybersecurity threat has become. According to The Computing Technology Industry Association (CompTIA), a trade association for IT professionals, the business cost of cybercrime rose 10% in 2021 compared to the previous year, and the average cost to a business per data breach was more than $4 million per incident. Globally, there are more than 26,000 cybersecurity incidents per day.

These are just a few examples and are a sobering reminder of the looming threat of cyberattacks. However, it should be noted that such attacks target not only government platforms and large global businesses, but small and midsize enterprises (SMEs) as well. Indeed, no organization is “too small” to fly under the radar of hackers.

But SMEs—defined as businesses with fewer than 500 employees—are underserved when it comes to cybersecurity technology, according to McKinsey. The firm notes that SMEs often struggle to adequately defend themselves against cyberattacks due to having much smaller budgets than larger global enterprises, as well as difficulty in finding and hiring skilled cybersecurity personnel.

It might seem like SMEs face a daunting task in becoming as resilient to cyberattacks as their larger counterparts. But even with smaller budgets, fewer resources, and less internal security personnel, SMEs can still take vital steps to improve their cybersecurity capabilities and strengthen their defenses against cyberattacks. Here are a few steps:

Education and Training

People play a critical role—perhaps the most critical role—in cybersecurity at all businesses large and small. The vast majority of cyberattacks begin with successful phishing attempts or social engineering attacks that convince personnel to give access to vital data. Attackers will pretend to be third-party vendors, coworkers, or even the CEO of the company, requesting access to certain systems. By training employees on how to spot and report these attacks, SMEs can cut off cyberattacks before they begin.

Third parties that SMEs work with should also be thoroughly vetted. Cybercriminals often target both employees as well as clients of businesses with phishing emails, CEO fraud, and other scams, such as sending fake invoices.

Proper Security Processes

It’s important to make sure that all security software that is in place is up to date, as well as all web browsers and operating systems. Make sure that firewalls are installed and that all access to computers and other devices is monitored. For employees that work remotely, securely monitor and protect any work-related devices they use.

Regularly back up all data on all devices that contain vital business information. This should, ideally, be done automatically on a regular basis. Barring that, data should be manually backed up at least weekly and stored securely off-site or in the private cloud.

One aspect that is often overlooked is password security. Unfortunately, most people tend to choose simple, easy-to-remember passwords. This also makes them easy to hack. Make employees choose strong passwords, and require that they be changed every 30 to 60 days.

Implement the Right Technology

SMEs can’t spend as much on cybersecurity technology as large global enterprises, but they can spend wisely. Working with an agile technology provider that can help SMEs scale quickly with a quick and seamless integration process, while identifying the most critical areas that need to be protected, means businesses can make limited resources go a long way.

AI-powered technology that monitors and detects threats before anything damaging occurs is also an important aspect of cybersecurity. Luckily, such technology is readily available today and well within the budget range of smaller organizations.

The cybersecurity threat never stops, and criminals are continually plotting and launching attacks 24/7. But with the proper training, processes and technology in place, SMEs can be assured they are well protected in today’s evolving threat landscape.

Ohad Jehassi, CEO of Airiam, offers 15+ years of leadership expertise in sales and marketing, achieving successful revenue, profit, and growth objectives within start-up, turnaround, and scaling companies. He has built and led POS, FinTech, payments, SaaS, and MarTech companies, including M&A, deal-making, and capital raising experience in public and private sectors.