Cybercrime is one of the biggest threats facing every business today. Data is increasingly valuable to hackers, while techniques such as the use of ransomware are proving to be relatively straightforward ways of extorting money from firms.
Indeed, research by Accenture notes there has been a 67% increase in security breaches over the last five years, with ransomware, malicious insiders and web-based attacks being the fastest-growing threats in 2019.
But it's not just large enterprises that are at risk. Small and medium-sized firms are also frequently under attack by hackers and, without the resources of their larger counterparts, they may find it especially tough to respond. So what can SMEs do to address these threats?
Smaller firms underestimating their risk
The first step is to build awareness. One of the biggest issues for many small businesses is they don’t appreciate their true level of risk. Often, there’s an assumption that the information they hold won’t be especially valuable and that hackers will be focusing their attention on larger, more lucrative targets.
For instance, one survey in 2019 found only 12% of US SME leaders recognize that an attack is very likely regardless of the company size. Meanwhile, only 9% rated cyber security as the most important aspect of their firm's operations, while just one in five (21%) considered it to be a threat to their business.
In fact, two-thirds of businesses have fallen victim to a cyberattack and smaller companies are particularly likely to be targeted as they’re seen by hackers as having weaker defenses.
The consequences of a cyber incident
If firms fail to appreciate their risk and do end up falling victim, the consequences can be severe. For instance, one study by insurance provider Hiscox estimates that such incidents cost small firms an average of $200,000. With four in ten organizations experiencing multiple incidents, this is often an unsustainable expense.
Indeed, some estimates suggest as many as 60% of SMEs go out of business within six months of experiencing a cyberattack, and this may not necessarily be down to the direct cost of getting a firm up and running again.
For instance, ransomware can be particularly devastating to smaller businesses. Even if they can afford to pay the hackers - and many can't - there’s no guarantee access to data will be restored, and without this business-critical information, a firm may have no choice but to close its doors.
Even if firms can recover from the incident itself, repairing the long-term reputational damage can often prove impossible. In an age where any customer can find out about a cyberattack with a quick Google search, a failure to protect private information can be seen as an irreversible breach of trust and persuade many new and potential customers to take their business elsewhere.
Key best practices to reduce your exposure
However, there are a range of steps small businesses can take to reduce their risk of falling victim to hackers, and these don’t have to be expensive or time-consuming to implement. Here are five key things every firm should be doing to stay safe:
1. Improve your passwords
Weak, repeated or easily guessed passwords are a factor in 40% of SME hacks. The use of password managers can reduce these risks.
2. Train your employees
Make sure your staff know to be on the lookout for phishing scams and treat any incoming emails with suspicion - even if they appear to come from recognized contacts.
3. Update your systems
New vulnerabilities are being discovered all the time. Therefore, it's vital you always update your IT applications to the latest versions, as poor patch management is a common cause of data breaches.
4. Back up your data
To protect against threats like ransomware, ensure all your critical data is automatically backed up regularly and stored away from your primary systems - either offsite or via the cloud.
5. Secure physical access
All the software defenses in the world can't help you if someone can walk into your server room and plug in directly or steals a laptop containing valuable data. Physical security is a vital part of defending against data loss so it must not be overlooked.