Fullscreen Menu - Background

Subscribe to SME News Search for an article Our amazing team

Ground Floor, Suites B-D, The Maltsters,
1-2 Wetmore Road, Burton upon Trent
Staffordshire, DE14 1LS

Background
Posted 25th March 2024

How Can SMEs Mitigate the Cybersecurity Risks Associated With Their Business?

Cybersecurity has become paramount to businesses of all sizes, but SMEs frequently lack the tools and resources to manage the ongoing threat.

Mouse Scroll AnimationScroll to keep reading
Fixed Badge - Right
how can smes mitigate the cybersecurity risks associated with their business?.


How Can SMEs Mitigate the Cybersecurity Risks Associated With Their Business?
security document information business login file folder,

Cybersecurity has become paramount to businesses of all sizes, but SMEs frequently lack the tools and resources to manage the ongoing threat. And with the number of cyber-attacks increasing – 1,351 incidents, affecting 2,241,916,765 breached records, were detected in 2023 – it’s more important than ever for small and medium-sized businesses to access the protection they need. 

So, what are the core areas that SMEs should be focusing on to help protect their businesses?

The primary cybersecurity threats faced by SMEs

One of the reasons that managing cybersecurity can be so difficult for SMEs is that attacks can take a variety of different forms, and risks can come from a number of different places. While most companies are aware of the most common cyber threats – phishing, malware, ransomware, spoofing, insider threats, and even code injection – new forms of attack are being developed every day. And employee behaviour and company policies can make their admittance so much easier.

In 2023, 86% of web application attacks arose from compromised login details and poor password protection. Some of this will be due to inadequate training as well as individual laxity. But other problems are derived from changing working habits – while bring-your-own-device policies are considered to be more cost effective for a business, and work from home has become standard policy, they both expose businesses to risk through the use of unsecured networks. And then there’s the issue of third-party legacy access to external SaaS platforms, which is surprisingly overlooked by many businesses even though it can lead to a range of potential problems, including espionage and reputational damage.

Why most businesses overlook the risk of legacy access

In contemporary business, there are a number of operations that are outsourced . Marketing, social media management, IT management, sometimes customer service and administrative tasks – and all of these require third-party access permissions. While access to inhouse systems will typically be tightly managed, it’s the SaaS and social platforms and external channels that tend to be overlooked. Partly because they are not viewed as core operational infrastructure, but also partly because it can be challenging to keep track of who has access to what and when, especially as most social channels force people to use their personal profiles to access ad accounts and pages rather than IT controlled systems and password vaults. So, when an employee leaves or an external agency reaches the end of its contract, there’s no simple way to rescind their access – or even to monitor who is accessing these third-party platforms. And this raises a range of significant problems.

The risk of legacy account access

What happens when a disgruntled ex-employee or a terminated agency realises that they still have access to your business’ social media accounts? In most cases, nothing. But increasingly, access has the ability to be weaponised. Several high-profile cases have hit the headlines in the last few years, from the leaking of Twitter’s source code by a fired employee after Elon Musk took over, to the X-rated name-calling on Burger King’s Twitter account. While these events left room for recovery, for many, the reputational damage can be devastating. There’s also room for sabotage, with those with account management access potentially blocking genuine users from the account, the theft of scheduled content – including the leaking of offers to competitors – and the misappropriation of funds. Social media advertising budgets can be enormous. But when you allow the wrong people to have continued access to your account, you can risk the account being drained.

How can businesses address the most common cybersecurity threats?

In most cases, enhanced cybersecurity comes down to four things:

Training – If your employees know what to do, how to recognise potential threats, the right protocols to follow, then cybersecurity risks are dramatically cut.

Secure networks – When you have strong network security – firewalls, intrusion detection systems, encryption, access controls, and user authentication – in place, it makes it harder for unauthorised people to gain access. This can prevent data breaches, malware, and other cyber threats.

Multi-factor authentication – Passwords are easily lost and stolen. Having multi-factor authentication in place means that there’s always a second or third layer of protection for sensitive accounts.

Controlled access permissions – Marketing channel access permissions are often overlooked because there are so many different platforms, variables, and login types involved. Working with a platform that can provide a clear overview to all of your access permissions and a single point of access to all of your external and SaaS platforms enables simple management.

When a cybersecurity event occurs, it raises masses of questions for a business. Who is to blame? Who should be held accountable? And how can the problem be both fixed and prevented from happening again? In all of these cases, prevention is always better than cure, and it’s time for small businesses to really scrutinise their cybersecurity practices.

Categories: News, Technology


You might also like...
What the Changes to Google Consent Mode Mean for Digital MarketersLegal & Compliance31st January 2024What the Changes to Google Consent Mode Mean for Digital Marketers

As the European Commission establish it's Digital Markets Act, users of the so-called 'gatekeeper' organisations like Google, Amazon, Apple and Meta, must implement Consent Mode after the 6th of March 2024 or be handed severe fines.

New Research Highlights Impact of High Inflation and Interest Rates on Small British BusinessesFinance3rd April 2024New Research Highlights Impact of High Inflation and Interest Rates on Small British Businesses

New research by Geek Retreat reveals that more than half (55%) have had to increase prices for customers in the past two years due to inflation, compared to 37% who said that this hasn’t been the case. 

SME News Media Pack

Every quarter we offer a new issue of SME News which is published on our website, shared to our social media following and circulated to in excess of 78,000 individuals from various sectors across the UK SME marketplace.

  • TickExpand your reach.
  • TickGrow your enterprise.
  • TickSecure new clients.
View Media Pack
Media Pack - Bottom Slant Gradient
we are sme.
Arrow