Small businesses are most likely to be underprepared and underfunded for cybersecurity attacks. From DDoS to phishing, cybercrime happens in many forms, and sometimes it can’t be prevented.
SMEs’ reliance on smaller, off-the-shelf or cheaper products can leave them open to risks. Rob May, Managing Director of ramsac, covers the best practices for SMEs to implement.
Multi-factor authentication
It is imperative to set up 2FA wherever it is offered, no matter how clunky it feels. Apps like Google Authenticator or Microsoft Authenticator are great starting points, as is mobile number verification.
Any form of multi-factor authentication is a good form. Adding an additional form of authentication means that unwanted breaches can potentially be prevented early on.
DDoS attacks
DDoS, or Distributed Denial of Service, attacks overwhelm a site or service by pushing ridiculous and unexpected amounts of traffic to it, causing it to crash temporarily or for longer. Most DDoS attacks last between 6-24 hours and cause damage of up to 25 thousand dollars per hour, according to Incapsula.
DDoS attacks can target SMEs directly or the common services SMEs use, such as Twitter and other social media sites. Steps to take include ensuring extra bandwidth is available, or creating a DDoS response plan and a general crisis communications plan. These steps don’t prevent a DDoS attack, but they ensure you are prepared for the eventuality.
Education is key
One of the most important things any company can do to improve its cybersecurity is to educate all staff. This includes everyone from board-level staff right down to any freelancers. Education on what a phishing email could look like, and on how to report potential scams internally, can help reduce the risk greatly. According to a 2016 survey conducted by Ponemon Institute, 22% of businesses blamed cyberattacks on insiders. Moreover, the same survey also revealed that 56% of businesses reported that the attacks were either by new hires or employees leaving the company.
According to a report by Vormetric, 59% of businesses say that cyberattacks were most often a direct result of simple human errors. Educating your staff, and ensuring the education is regular, can prevent common attacks like Trojan Horse and similar malware attacks.
Using own devices
In SMEs where money can be short, employees will often use their own devices to access networks, make business calls or carry out Quality Assurance tests.
Businesses are vulnerable when any personal device is used to access shared networks or company files. As you cannot control what is placed on a device, it is important to have a policy that sets out your expectations and lets employees know what the consequences could be if they let a malicious item into the network.
Purchasing insurance that covers you against accidental cyber breaches can help to mitigate this, as can educating employees.
Financially motivated
Hackers are becoming increasingly money-motivated, with 71% of breaches reported to be financially motivated in 2020. Whether through demanding a ransom for release or through selling on your data, money has been a big driver.
Data is the new oil, and the cost of certain data points increases exponentially. Whether data is sold in bulk on the black market or used to make fraudulent purchases on credit cards, there are plenty of monetary risks.
Written by Dan May, the Commercial Director at ramsac, an outsourced IT support provider helping growing businesses in London and the South East.