Small businesses are crucial to the economy in every country, but they’re also targets for cybercrime. Here’s how to protect what you’ve worked hard to build.
Small-to-medium-sized businesses (SMBs) play an incredibly important role in economies worldwide. They work hard to make sure everything keeps ticking over. According to recent Kaspersky research, 43 percent of SMB leaders said they chose to keep people working at any cost during the pandemic.
But keeping their staff involved wasn’t the only big challenge of the pandemic. 53 percent of small businesses prioritized new technologies that would let them keep working. One of those technologies is cybersecurity.
Because cyberattacks on large organizations and big brands often make headlines, you might imagine small businesses escape cybercriminals’ attention, but that’s not the case. And the damage can be costly: In 2020 the average cost of a data breach for SMBs was 101,000 US dollars.
The good news? More SMB leaders are taking cybersecurity seriously and successfully reducing the impact of attacks. The same research found a rise in SMB IT security budgets, now averaging 275,000 US dollars a year, and improved speed of detecting attacks. 62 percent of SMBs even said cybersecurity was one of their priorities. SMBs recognize the deeper consequences of brand damage done by a major attack, and the financial value of preventing attacks and detecting them early.
Why cybersecurity matters for small businesses
The costs of overlooking the problem will only grow. Malware doesn’t distinguish between its victims and even small organizations have something to lose.
Andrey Dankevich, Solution Business Lead, Kaspersky
Attacking smaller businesses can be attractive for cybercriminals because they believe big businesses are more likely to have cutting-edge security. Big business might be a lucrative target, but it’s also more challenging. Most cybercriminals are opportunists – they go after easy money.
Every organization has something cybercriminals want, including payment data, personal information and intellectual property. Small businesses are collecting more valuable data than ever before, so they’re becoming more attractive targets.
Smaller businesses may have no IT specialists on-site, relying on managed service providers (MSPs) or even just basic consumer tech know-how to get by. Without cybersecurity infrastructure and expertise in place to protect valuable data, attackers will find a way in.
Perhaps SMBs are increasingly paying attention to cybersecurity in part because robust cybersecurity for small business is now more affordable. You no longer have to break the bank or divert resources from innovation to secure your business.
People are the biggest factor in cybersecurity
Ask any employee, “Who in the business is responsible for cybersecurity?” They’ll probably say IT or management. But the most secure businesses are those that foster a culture of cybersecurity as everyone’s responsibility. That’s because behind a high proportion of cyberattacks is an employee making a simple mistake thanks to social engineering.
Cybercriminals prey on human error because it’s easier than exploiting technology. It’s faster and easier to manipulate someone into giving away login credentials than to break encryption or crack passwords by trying every possible combination.
Most cybercriminals don’t even have much technical skill. They rely on social engineering tricks and malware bought on the dark web.
The only way to stop this is to ensure your employees are aware of the cybersecurity landscape. Your accounts or HR teams needn’t understand the complexities of encryption and security protocols, but you can train them to recognize social engineering threats like phishing emails and common security risks like weak passwords. Include everyone in an ongoing, interactive security awareness training program to prepare them for the risks they’ll face. You’ll be doing your business a favor and helping employees stay cybersafe at home too.
What basic protections should SMBs have?
Perimeter defense is the foundational level of protection. Like the walls of a castle, it’s there to keep out the bad. Today, it’s about more than protecting internal networks with firewalls and antivirus software. Data systems go beyond in-house servers and workstations to mobile devices used for work and cloud-hosted resources.
Hardware is becoming increasingly meaningless in small business environments as they transition to cloud computing and managed services. As a priority, protect your online accounts and all devices – known as endpoints.
Getting protected isn’t as daunting as it may seem. Alongside or instead of in-house IT managers, small businesses may use managed service providers (MSPs) offering tailored security services, including managing antivirus software, installing firewalls and protecting email from malicious content.
Security by layers
Castles have more than just walls to protect what’s inside. Many are built on hills for defensive advantage. Others have moats or ditches for another layer of defense. If an attacking army gets through the walls, troops inside provide a last line of defense. The same applies to information security: Perimeter defense is just the first barrier. A single point of failure would leave your business vulnerable.
Multilayered security means making your information safer by using multiple security solutions together. For example, a firewall helps prevent malicious code from reaching your network, antivirus software protects each device connected to the network and encryption protects data in storage and when sent across the internet.
These are all relatively easy and cheap to implement and are now standard with many business-grade IT systems. They help protect your business, but you also need cybersecurity training and expertise.
Small business owners must take information security seriously, but that doesn’t mean it should be a burden or a blocker to innovation. It adds value to your business in a time when customers consider data privacy a high priority when choosing who to do business with. By combining the right policies with cutting-edge technology, you can bring your business closer to achieving immunity from cyberthreats.