We all know that small and medium-sized enterprises (SMEs) are the lifeblood of our economies and I have had the fortune of working to either protect them or their finances for many years now. What is surprising is the number of SMEs who are still either unaware of the risks in today’s digital age, or simply haven’t got the time or resources to protect themselves against increasing cyber and fraud attacks.
SMEs have limited resources but hold valuable data, and whilst they don’t always have huge revenues to cover ransom payments, they are a hugely attractive target for cybercriminals and fraudsters. Understanding and implementing fundamental cyber security practices is no longer optional; it’s essential for the survival and growth of an SME.
The threat landscape
The cyber threat landscape is growing, but some threats are more common for SMEs, including phishing, malware and ransomware. There is also a specific risk around Authorised Push Payment (APP) and Business Email Compromise (BEC) fraud. These attacks can cripple operations, lead to significant financial losses and damage an SME’s reputation.
So what can you do about it? It’s all about basics and awareness!
Here are my four top tips:
1. Employee Awareness and Training
The first line of defence against cyber threats, especially fraud, is your staff. Educate your team on the importance of cyber hygiene. Simple steps like identifying phishing emails, secure browsing practices and not oversharing sensitive information can dramatically reduce your risk. When paying suppliers, make sure you double check all details, especially when you or your staff see red flags like changed bank account details, or any mismatch between the bank account’s destination and where you think your supplier is.
2. Password Hygiene and MFA
Enforce strong password policies across your organisation. Encourage the use of pass phrases and implement multi-factor authentication wherever possible. It’s a simple step that can prevent many attacks. I can’t stress enough how important it is to enable a second factor by simply using a phone app such as Google Authenticator. This also holds true for anyone’s personal accounts online. Whatever you want to call it (MFA, 2FA, 2-step verification, etc.), just make sure it is enabled.
3. Regular Software Updates
Keeping your operating systems, applications and any other software up to date is crucial. Many cyber attacks exploit vulnerabilities in outdated software. Set your systems to update automatically wherever possible. If you outsource your IT to an IT service provider, make sure you have a quarterly service review meeting and make this one of the items to check.
4. Basic Cyber Hygiene
Implement regular data backups to ensure you can restore your information if it’s compromised. This is now super simple in the world of cloud computing. Again, if you have an outsourced IT service provider, make sure they take appropriate backups of your data and that these are properly protected and segmented. If you have remote workers who work from co-working spaces, cafes or other public areas, consider using a VPN.
Cyber security might seem daunting and super technical, but the reality is that, for an SME, starting with these fundamental practices can significantly protect against common threats. Remember, most cyber criminals go after the ‘low hanging fruit’, and taking these simple steps can create a secure environment where your business can thrive. It’s about taking one step at a time.