phishing attempts to network-wide data breaches. It’s been a big year for cybercrime so far, and according to recent research from the Ponemon Institute, 66% of SMEs worldwide have experienced a cyberattack in the last 12 months.
Are SMEs an easy target for cybercriminals?According to the Verizon 2019 Data Breach Investigations Report, 43% of cyberattacks target small businesses because they have rudimentary protection. SMEs are an easy target and this is only going to get worse, especially with the rise in contractors and freelancers, as well as flexible working leading to increased risk with more devices in more locations. The problem is not just about the inconvenience but also cost. As research this year revealed, the cost of a data breach has risen 12% over the past 5 years and it is particularly acute for SMEs.
They’re getting more sophisticatedIn the study, companies with less than 500 employees suffered losses of more than $2.5 million on average. As businesses step up security measures to keep pace with digital transformation projects, cyberattacks grow in sophistication and abundance. Potential data breach fines from The Information Commissioner’s Office (ICO) are now reaching levels that could put smaller enterprises out of business. So, there’s never been a more important time for SMEs to have the right cybersecurity strategy in place.
What is digital transformation?Digital transformation is the process of using digital tools and processes to create new or modify existing ways of doing business. This is an expansive undertaking, as it involves digitising internal systems like payroll and HR, as well as customer experience and company culture so that the entire business is digitally savvy and connected ?regardless of physical geographies and actual offices. This opens doors for SMEs to simplify, automate, and streamline business operations which can cut costs and labour hours. It also facilitates remote working so employees can flexibly and efficiently get work done outside of the traditional 9 to 5 corporate culture. Digital transformation projects can be modular, starting with one process, measuring its impact and success, and then rolling it out to other functions.
Investing and innovatingFor example, an SME might allocate a modest budget to digitise the sales process using tools that make it easier for sales staff to put in their pipeline, customer conversations, and invoicing. Once that system is accepted and implemented into operations, the same SME could roll out the digitisation of the customer journey, HR, payroll…the opportunities are endless. Digital transformation hinges on cloud technology, as data and systems are usually housed on the cloud for easy access anytime, anywhere.
Collaboration is keySecurity risks abound when data isn’t siloed in a physical server but resides freely in the cloud. One of the key drivers for implementing digital change is delivering cost savings and revenue growth but this is only achievable if financially-savvy employees are spearheading the change. Ahead of carrying out a digital transformation project, it’s important to collaborate with all departments to create a joint strategy and establish a change team responsible for delivering the change. By adopting a collaborative approach, organisations can leverage the skills and expertise of employees, and gain a true understanding of current operation to establish a clear vision for the future. Digital transformation projects will almost certainly fail unless you take your people on the journey with you. There’s also the issue of onboarding and training staff because, believe it or not, most security breaches happen due to human error.
Educate your employees’ about cybersecurityProtecting company and employee data and assets is a multi-pronged challenge. However, getting the basics of cybersecurity right involves putting employee devices, with advanced security features, at the very heart of a business” cybersecurity strategy. Not only this, but employee education is equally important.
Insider threatsAccording to research from Code42, insider threats caused by current and departing employees expose companies to breaches and put corporate data at risk. Recognising that employees are the power behind any organisation, companies are increasingly implementing strategies for collaboration to make information sharing easier than ever. Unfortunately, some organisations have not put inappropriate detection and response data security controls, and instead, simply trust employees to keep data safe.
Being ‘casual’ with dataHowever, this trust is frequently abused. The study showed that employees take more risks with data than employers think which leaves businesses open to insider threat. For example, rather than sticking to company-provided file sharing and collaboration tools, one in three business decision-makers also use social media platforms, such as Twitter, Facebook, or LinkedIn, 37% use WhatsApp, and 43% use personal email to send files and collaborate with their colleagues. This opens businesses up to potential external threats that are practically untraceable. Over three-quarters (78%) of chief security officers and 65% of CEOs admit to clicking on a link they should not have, showing that it’s not just fresh grads that struggle with these issues or lapses in judgement. These types of risk-based actions are why half of the data breaches that companies admitted to experiencing in the previous 18 months have been caused by employees.
Departing employeesWhile most employees try to leave their jobs on a positive note, chances are they are taking more than just memories when they leave; they?re also pocketing proprietary data… Equally as concerning as departing employees are incoming employees who bring data from their prior companies. Two in three employees admit to bringing data from past employers to their new jobs. What’s more, most employees today feel entitled to personal ownership over their work. In fact, a large majority of information security leaders (72%) agree: “It’s not just corporate data, it’s my work and my ideas. In addition to enforcing awareness training, implementing data loss protection technologies and adding data protection measures to on and offboarding processes, SMEs can also stay ahead of insider threats by launching transparent, cross-functional programmes.
Security tools to safeguard businessesTraditional security software is the first step, but when you run most of your systems and processes using cloud technologies, you?ll need to look into powerful, cloud-based firewalls. Avast Business Secure Internet Gateway (SIG) is one such tool for SMEs that are on their digital transformation journey…on a budget. The system is run completely on the security software company’s own global cloud network, making sure that your network security is always on, always updating, and always protecting your business.
Our opinionAt Avast Business, we believe this is the first time that small and midsize businesses have ever had access to an enterprise-grade security network that fits their budget. It solves a real need in the marketplace to deliver a service that MSPs and MSSPs can offer without the headaches and extensive security limitations of on-premise appliances. This means that even small businesses can protect their data and processes just as larger enterprises do, without the added cost and technological burden of on-site systems. The tool also lets small businesses monitor threats from a single dashboard and easily deploy layered, enterprise-grade security. It also allows for a remote support function that can connect securely to any device in your business to resolve issues remotely. Learn more about Avast Secure Internet Gateway here.
Share this story