Early this year, the Federation of Small Businesses (FSB) claimed that small firms are unfairly carrying the cost of cybercrime in an increasingly penetrable digital economy.
The report, ‘Cyber Resilience: How to protect small firms in the digital economy,’ states that small to medium sized businesses (SMBs) are collectively attacked seven million times per year, costing the UK economy an estimated £5.26 billion. The call to action? Bigger organisations need to support the smaller companies to protect against these attacks.
When trying to protect themselves against malicious attacks on their networks, small businesses will find themselves in a David versus Goliath situation. There is an industry call for more support from larger organisations to help smaller businesses put more robust security measures and strategies in place. However, no business should rely on the actions of others. It’s too easy to let others fight the fight without getting your hands dirty, and in the world of business, this approach is ineffective. No matter their size, small businesses need to take proactive steps to protect their assets from cyber-criminals.
Take matters into your own hands
Yes, a collaborative front against cybercrime puts all businesses in good stead for protecting themselves from security breaches, however it means each and every organisation needs to play its part.
Take the famous 2013 Target data breach in the United States for example. This occurred because a subsidiary organisation – three times removed in the supply chain to Target – was in fact breached. It could be as simple as not updating operating systems. You’d be surprised at how many small businesses are still running old operating systems, such as Windows 2003, on their IT networks. Any servers still running this programme cannot host new antivirus software and remain unpatched, so are vulnerable to attacks.
For SMBs, fighting cybercrime can be daunting and often confusing. However, there are simple ways to start implementing internal protection against threats.
- Identify where the value lies: if you don’t know what is in your safe, what’s the point of having one? Every business will have something that people want, whether it’s customer data sets, financial information or connectivity to larger organisations. Businesses of all sizes should locate and identify where their value resides, control the flow of access to this information and create a more robust security strategy around this.
- Place responsibility on employees: SMBs should keep a closer eye on educating their employees in order to prevent data breaches. Increasingly, ‘human error’ is becoming the biggest threat to the protection of an organisation’s data assets – seemingly harmless emails sent with data that shouldn’t be shared, such as sensitive documents and credit card details. Data Loss Prevention (DLP) solutions can be used to prevent this by blocking the emails beforethey are delivered to the employee. The systems alert the IT team, who should then review the content of the email and the intended recipient before allowing its delivery.
- Partner with a professional: most organisations are going to have limited skillsets and bandwidth internally, so might struggle to ensure there are enough security processes and policies in place for adequate protection. By partnering with a specialised organisation which provides a Managed Services Offering, the SMB can be confident all the necessary steps have been taken to protect themselves.
Working with the big guys
Businesses, both large and small, need to ensure their relationship is a closer and more symbiotic one. While sharing intelligence might seem obvious here, services and solutions can also be shared.
Traditionally, smaller businesses will tend to opt for smaller security offerings because that is all they have the budget for. However, this is not always the best solution for the business. An effective way for large and small businesses to work together to bolster cyber security defences is to share costs.
While collaboration is definitely one of the keys in the fight against cyber-attacks, every business needs to be doing everything they can to put the most effective processes and solutions in place to protect themselves and their partners. SMBs can’t sit back and let larger organisations do the work.
Stephen Love, Security Practice Lead – EMEA, Insight
Image source: Shutterstock/lolloj