Whatsupp

WhatsUpp: how can I increase cyber security at my SME?

Jacob Mareen
By:
Jacob Mareen
insight featured image

You’ve very likely already received text messages or emails from cyber criminals pretending to be someone else, such as a customer or a government body. This is just one of the ways that you – and by extension your entire company – can fall prey to a cyber attack.

As an SME, are you in as much danger as a larger company? What are the potential consequences?  But above all: how can you protect your SME against cyber crime and protect your own data – and that of your customers? You’ll find the answers to these and other important questions in our new ‘WhatsUpp’.

Is it true that cyber criminals mainly target large companies and are less interested in SMEs?

It is a complete misconception that SMEs are less at risk than large companies. In your SME, you too are increasingly working with digital applications that contain customer data, financial data and other confidential information. This inevitably makes you a target for cyber criminals, whatever your sector or company size.

What is more, SMEs are often more vulnerable than large players because they have fewer resources with which to defend themselves. Cyber criminals know this and therefore deliberately target smaller companies. SMEs are often also a digital gateway to large companies’ data. If criminals hack your customer database, they can, for example, send emails to your customers and suppliers in order to obtain their data.

What consequences could a cyber attack have for my SME?

Cyber criminals use various techniques to strike, depending on their goal (stealing data, making quick money, etc.). One well-known example is ‘ransomware’ – software that locks your data until your company pays a ransom. If you pay this sum (which is often substantial), you not only suffer financial damage, but you also ‘sponsor’ the malicious practices of cyber criminals. They can use that money to make their methods even more effective, so it’s not a good idea to pay up.

Nevertheless, it can be tempting to pay cyber criminals. This is because if you don’t, there are also serious financial consequences as you can no longer work at full capacity. Not to mention the reputational damage you incur if you have to communicate publicly about your poor cyber security.

So there is really only one solution: preventive investment in cyber security.

Can I improve my SME’s cyber security even with a limited budget?

First and foremost you need to realise that there is no silver bullet against cyber crime. No solution offers you complete protection. But the larger your budget, the more effective the actions you can take. This makes sense. The first step, therefore, consists of understanding the risks, identifying the possible measures and then weighing them against your available resources.

If your SME has a limited budget for cyber security, be sure to spend some of it on raising awareness among your employees. Cyber crime training is a relatively low investment with a major long-term impact. Repeating these training sessions is crucial to keep everyone vigilant, though, because a single moment of inattention is enough to open the door to a cyber attack.

What measures can I take in addition to raising awareness?

Simply raising awareness among your employees isn’t enough. Here is a limited list of useful but not too expensive measures that you can also take to protect your SME against cyber criminals:

  • Strict access controls: give your data optimal protection with strong passwords, multi-factor authentication and access restrictions for the most sensitive data. The fewer people have access, the smaller the chance of data leaks.
  • Reliable security software: install security programs that quickly detect and respond to threats. These include antivirus software, firewalls and encryption tools that encrypt the contents of downloads, for instance.
  • Regular software updates: always use the latest version of your software and other digital applications. Cyber criminals often exploit weaknesses in outdated software.
  • Systematic back-ups: regularly (or better still, automatically) back up important data and store it securely in the cloud or another secure location. This prevents you from losing your data if criminals lock it.
  • Incident response plan: what if you still fall prey to cyber criminals? With an incident response plan in place you can limit the damage and the recovery time. The plan sets out the various responsibilities and steps if such an incident occurs.