You would think and you would say, that you are not a target for cyber-attacks. You may think you are small and you are not famous. But, you are not invisible. You must know that you can’t hide. Do not think that nobody can find you. If you are connected to a network, you can never say that nobody can reach you. We are living in the 21st century. In this era, everyone is connected. There is no way you can live an isolated life. Even your Smart TV can spy on you. You can’t trust anything that easily.
Without your knowledge, there can be so many vulnerabilities in the devices you access. Even you can’t trust your smart door lock or your baby camera. In my point of view, anything connected to the internet is not secure. But, can you live without them?
Why should you get afraid after hearing all these things and decide to disconnect from the network and be isolated? Am I scaring you? Is that the thing you should do? Nope!! You have to move with the technology. You have to face the fear. You should know how to bake the cake without getting your hands burnt.
Think again. How could it possible to be a cyber target? With whom you do business? To whom do you serve? Cyber Security is not need unless you have a big business, right? Wrong! Hackers spread their wings on that very misconception. Small business companies are an ever growing ripe target base for cyber criminals. You must know, if you have something worth, you have something to be a target. One leaked email can confirm a pending deal. So, you can never say you are too small to be a target.
How about your neighborhood post office? How about the Real Estate Broker, Attorney and the pharmacist? Yes, their network doesn’t store much financial data. They only maintain personal information on their clients and staff. While the data might not be high in count or high in value when comparing with the information stolen from a big bank or a mighty company, it is still valuable. Still they have a risk. They can be a target at anytime. Who knows when? Better to be prepared. Risk mitigation (Risk Acceptance, Risk Avoidance, Risk Limitation and Risk Transference) is cheaper and healthier than Disaster Recovery in Risk Management.
Who is designing and setting up your company’s website? Can you trust them? Can you trust your vendors or third party vendors? These small companies working with vendors spinning up sites for them on platforms like WordPress. Are they protecting you from the vulnerabilities and the risks that exist in these platforms. Do they even know?
There is no excuse for leaving your system vulnerable. Some companies cut corners to save time and money. Burying your head in the sand may save money in the short term. But the cost of the damage could range from minor inconvenience, customer data loss, fines, reputation damage and ultimate company closure.
“If you give a man a fish, you feed him once. If you teach a man phishing, he’ll buy a dinner with your credit card”
SMEs are softer targets for criminals. In 2013, HVAC was hacked. The damage was so high that costs exceeded $250 million. Small companies like HVAC company are often targeted by cyber criminals as they are unaware of cyber threats. Most of them are under an illusion that they have no reason to be a target as they are small in scale. Therefore, the potential risk is magnified.
The major cyber threats to SMEs include:
Ransomware– where a piece of malicious software encrypts all the data on company’s network and requesting a ransom in order to provide the decryption key.
DoS attack– when a company’s website is overwhelmed by a huge volume of data pushed towards the servers in a malicious manner.
Hack attack– where a hacker gains access to the company’s network by exploiting an unpatched vulnerability and access company’s data.
Human Error– when people are the weakest link in the security chain, data breaches can be the result of information being lost or distributed to the wrong person.
CEO Fraud– where a hacker poses as a senior person within the company by hacking or spoofing their email account and convinces someone with financial authority to make a payment.
This cocktail mix of vulnerabilities and risk of easy access should be alarming to everyone who think they are too small to be a target. Not only small firms but also their customers and our data which resides in their systems. The effect of breaches on small companies and their customers are severe. The customers who were served by the company, can be all exposed.
So how can SMEs protect themselves and compete?
An employee at a big company probably can’t forward a phishing email to his CEO, but at a small company, it can happen. It is important for each and every employee to be diligent and practice good cyber hygiene. It is good to acquire proper cyber awareness training.
Small companies can offset some of the risks by passing it off to an insurer. These days Insurance companies are increasingly getting into the cyber insurance market.
Every company should have the basics of good security protection installed. An anti-virus product (End-point security and encryption), a small firewall, a good backup system and a business continuity solution should be there. Lastly, proper end-point and network monitoring should be done.