Small businesses are the backbone of any nation’s economy. Historically big enterprises depended on small businesses for producing spare parts, performing jobs to keep the cost low of their products.  In the era of digitization big organizations, except for their core business elements, outsources almost all jobs to Small and Medium-sized Enterprise (SME). This includes accounting, marketing, financial management, credit collection, employee /HR management, etc.

The research reveals these SME are not paying attention to the cybersecurity as they are supposed to be paying. The general attitude of SME is their size will not attract the attackers as the hackers are always after big fish. However this not true. The following graph from the Ponemon Institute’s survey report “the State of Cybersecurity in Small and Medium-sized Businesses” which was sponsored by Keeper Security.  Indicated that attacks on SMEs have increased by 6% than 2016 and data breach has increased by 4%. The same report also concludes “Cyber-attacks are more costly. The average cost due to damage or theft of IT assets and infrastructure increased from $879,582 to $1,027,053. The average cost due to disruption to normal operations increased from $955,429 to $1,207,965”

The U.S’ National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their businesses over six months after a cyber-attack.

What needs to be watched?

SMEs are have limited resources and capabilities and hence they need a focused approach to cybersecurity. We have identified following five areas that SMEs should put in concentrated efforts to stay protected.

1. Spear Phishing – This is targeted attack and this uses e-mail with an attachment or links embedded into the e-mail body, the e-mail body text creates the sense of urgency in the mind of the recipient. The attackers usually know some personal information about the recipient including their name or where they live. This makes the recipient less likely to delete the email. These emails are often sent by criminal hackers because they may want to steal credit card or bank account information
2. Ransomware – The ransomware attacks are growing drastically we have already witnessed the global impact of these attacks at the first two quarters of this year. These attacks take advantage of the vulnerabilities present in the system and encrypt the data and ask for the ransom amount to provide the decryption key. The ransom amount asked to be provided in bitcoin format to avoid the tracking of the transactions.
3. Virus Attacks – This age-old problem, attackers take advantage of updated of the Antivirus solution clients or signatures. These virus infections can use infected systems not only to send the data to C&C (Command & Control center) but these systems can be used as BOT or zombie to  be part of larger attacks
4. Security Awareness – The budget and employee iteration rate, the security awareness is not part of the SME business priorities. More details on the consequences of not security awareness please refer “Getting Smart and Safe with Security Awareness”
5. Update and Upgrade – Keep the operating systems and applications patched up with vendor provided patches for the identified vulnerabilities. The root cause of the global ransomware attacks was unpatched systems

How to protect your business?

SMEs needs to manage the available security budgets wisely. Following are the simple steps SMEs can take to protect data.

1. Spear Phishing – Enhancing e-mail security by opting for the e-mail Security as a Service. This will make the expertise and skill available at the lower cost. These services can provide antivirus, Anti-SPAM solutions, which scans the e-mail and e-mail content attachment for virus, SPAMs and send the only clean e-mail to recipients.
2. Ransomware – The systems should be properly patched up and the back of the data should be taken and should be tested for restoration. there is no alternative for the having good practice of back-up and restoration.
3. Virus Attacks – Make sure that all systems have latest Anti-virus client deployed and these systems are reachable to Antivirus signature for getting a signature update. Make sure that Antivirus licenses are renewed on time. The cost-effective way for doing this is to opt for SLA based Antivirus as a Service
4. Security Awareness – SMEs needs not have security awareness training conducted in-house. there is good free web-based security awareness training and videos are available. For example, Wombat Security Technologies , provides security awareness training to help customers to keep awareness top-of-mind for end users. SANS Institute has very good free videos on security awareness
5. Update and Upgrade – There is no alternative to keep eye on the patches and updates available from your technology vendors. A good patch management process and the free tools like Microsoft WSUS can be the best combination for keeping your systems up-to-date.

While opting for an innovative approach, like BYOD to differential from competition, make sure that you understand the complexity of BYOD, risk, and impact of it on your organization’s data.  Define BYOD policy and have it implemented minimum, make sure that BYOD devices are protected with passwords and are encrypted.

It is not you have to pay big money to stay secure, a little bit of thinking and lots of discipline can lead your organization to safe and secure at the base level.