Do you ever get the feeling that the need for cybersecurity is being rammed down your throat?
If that resonates with you, the information in this article will help to alleviate your concerns. You can answer the cybercrime conundrum without blowing the majority of your IT budget on cybersecurity.
You’ve probably noticed that media companies deliver a heavy dose of scaremongering around the threat of hackers to SMEs on a daily basis. Most of these articles originate from cybersecurity firms.
These reports are actually “advertorials” – adverts made to appear like genuine newspaper copy – promoting the services of cybersecurity firms. It’s sponsored content.
The BBC has been telling us that small businesses are a prime target for hackers for a decade, the Daily Mail reports that 46% of security breaches in the UK involved SMEs and The Guardian is screaming “businesses need to wake up”.
Leading online tech magazines are promoting the same message as well. Wired reports that 67% of small businesses have experienced cyberattacks and 58 per cent have experienced a breach.
“These statistics make it clear all businesses need a solid cybersecurity strategy. Be it ransomware, DDoS (distributed denial of service), phishing or some other threat, there is no shortage of cyber threats targeted at small businesses.” ~ Wired
You’ll notice most of these articles either name a cybersecurity firm, link to another report that names a cybersecurity brand or link to a company website via anchor text. This is how advertorials work. They are essentially sponsored content paid for by a company to promote their services.
Financial services are also getting in on the act by publishing cybersecurity data by industry. This gives business leaders the opportunity to check “guidelines” that benchmark how much their peers are spending on cybersecurity.
Of course, the government has weighed in as well. They say cybercrime costs the UK economy £27bn a year. Gasp!
I don’t want to play down the threat of cybercrime, far from it. The threat does exist. However, let’s not blow up cybercrime like the media does just to sell cybersecurity services you don’t always need. The scaremongering headlines are designed to force small businesses to invest heavily in cybersecurity defences.
Yet it’s the cost of implementing cybersecurity defences that really frightens business owners. Quotes of $2000 per employee have been bandied about.
And this is why the media build cybercrime up to overblown proportions. The advertorials in mainstream media are designed to influence the decisions of business leaders.
The good news, or if you like, the real news, is that implementing effective cybersecurity defences doesn’t cost that much.
Why Small Businesses Are An Easy Target For Hackers
The figures reported by journalists and cybersecurity firms are probably accurate. Small businesses are prime targets for hackers because they are easy targets.
That’s because, so we’re told, “small businesses had used basic cybersecurity measures to protect data.”
The fact of the matter is that small businesses do not have the resources to invest in the advanced technologies that cybersecurity firms are selling. Yet SMEs are told cybercriminals are investing in new tools and so should you!
In truth, the best protection against hackers is to deploy cybersecurity best practices. And best practices don’t cost anything beyond what you’re already paying for, with a few exceptions.
Having said that, we do recommend that you invest in remote monitoring software that detects suspicious behaviour and patch management to ensure that every device that is used to access your business network is updated immediately.
The cost barrier for many SMEs is that cybersecurity firms only offer fixed costs for their services. Whilst fixed costs make it easier to plan your IT budget, the costs are often higher than SMEs are prepared to pay.
Fixed costs typically come with a fixed approach to cybersecurity. That’s because there are many facets to consider when it comes to cybersecurity. However, cybersecurity is not a one-size-fits-all solution. The defences you put in place should be customised to your needs and your budget.
If you take a “fixed-cost-fixed-solution” option, you are paying for a service you may not need, or one that doesn’t do enough to protect your network. In other words, you’re overpaying.
The cost of installing cybersecurity solutions will largely depend on your industry. Not all industries face the same issues and the data you store may not be governed by data protection laws. Attacks on most SMEs are designed to access your financial accounts.
SMEs in “high hazard” industries such as finance, healthcare and utilities should expect to invest in more technologies than other sectors. This is because data protection laws in the UK determine the level of protection a business owes its stakeholders in relation to how sensitive personal data is.
Cybersecurity Trends
Before you determine which cybersecurity solutions work for you, and therefore, how much you need to invest, it helps to understand what the latest hacking trends are.
The Trellix Threat Report for Summer 2022 reveals that ransomware and malware attacks sent via email agents represent the principal gateway for hackers. The report also identifies that hackers look to exploit vulnerabilities in access control systems and critical infrastructure.
Phishing, spear phishing and email spoofing are the most effective strategies. Last year Cisco reported that 90% of data breaches occur due to employees giving away sensitive information, clicking links or downloading documents from phishing attacks.
To understand the various phishing techniques hackers use to infect a device with malware, we recommend reading our article titled ‘The latest hacking technique to watch out for’.
Phishing exploits enable hackers to infect a device or network with malware that can collect credentials and data such as account passwords. With these details, hackers can gain access to accounts and either steal sensitive data they can sell to businesses or steal money directly from your bank account.
Another recent method hackers use to plant malware on a device is through Microsoft Teams chats. Threat actors are dropping malware-infected documents into chat streams on trusted sources.
It is thought that this technique could eventually become more popular than phishing. However, hackers first have to acquire an individual’s Microsoft login credentials. The best defence against this attack is to prevent hackers from stealing Microsoft login credentials.
Downloading content from the internet onto a device is another gateway hackers use to infect devices with malware. The types of content that are typically infected are pirated files such as films, music and PDFs.
Despite the efforts of Google, Apple and Microsoft, malware-infested apps still find their way into app stores. Malicious apps often grab headlines as well, but usually turn out to be obscure apps businesses wouldn’t ordinarily download anyway.
The easy way to prevent malware from infecting your network is to educate your staff about the sources threat actors use. Simply being aware of cybercrime dramatically reduces the risk of a data breach. Cybersecurity awareness training is not all that expensive when you consider the return on investment.
A recent survey published by Tessian reveals that 30% of employees do not feel they play an important role in protecting stored data. If anything, this highlights the importance of cybersecurity awareness training.
Employee negligence is the biggest threat to your business network. There is also a risk that data could be deliberately leaked by a disgruntled employee.
As I mentioned above, implementing cybersecurity best practices is your best defence against cybercriminals.
Inexpensive Cybersecurity Solutions
Many of the cybersecurity tools a small business will need are already programmed into the software you are using for your business operations. You’ve already paid for these defences. All you have to do is deploy them properly.
For example, Microsoft 365 includes multiple security features designed to protect users from phishing attacks, malware, data theft, email interception, unauthorised account access and more.
However, security features often need configuring, such as admin accounts and account access. Gartner reports that 80% of data breaches are due to misconfigured cloud software.
Cybersecurity best practices include giving employees the lowest level of access permission they need to perform their job. The process includes labelling files, drives and documents with access permission and password protection.
Cloud software settings can also be activated to prevent employees from browsing certain websites or downloading PDFs unless they have administrator privileges.
We also recommend banning your employees from downloading content that could potentially be infected with malware on devices they use to access your business network.
This could be contentious for companies that have a BYOD policy. It’s very difficult to police an employee’s personal device. Cybersecurity awareness training is effective at deterring people from using devices in ways that could download malware.
However, training your staff to identify phishing emails should be a priority. It is estimated that phishing emails account for 1% of all email traffic. It’s inevitable that all your employees will receive potentially harmful emails at some point.
Update Critical Infrastructure
Attacks on critical infrastructure are another gateway threat actors find attractive. Legacy software that is no longer protected by manufacturers is especially vulnerable.
Attacks on critical infrastructure involve looking for flaws in software and hardware. Vulnerabilities appear in released software all the time – which is why the likes of Google and Microsoft spend billions on improving sophisticated cybersecurity defences.
For the most part, tech companies spend huge sums of money so that you don’t have to. However, end-users are still responsible for updating the software with the latest security patches.
Businesses, therefore, have to rely on individual employees to update all the apps stored on their devices. This can be risky for SMEs with a large workforce. The easy solution is to invest in patch management services which automatically update software whenever the latest security patch is released.
Implement Strong Cybersecurity Policies
Technology is essential for modern businesses to operate and remain competitive. However, it is the technology used by businesses that makes you susceptible to the threat of hackers.
Minimising these risks is relatively easy and inexpensive if you implement strong cybersecurity policies that educate staff on how to protect their devices – and your business network – against bad actors.
Here are a few simple fixes:
- Show staff how to create strong passwords that cannot be deciphered by sophisticated password-cracking technologies that hackers use. In addition, force employees to update passwords at least once a month.
- Enable password protection on devices including any identity authentication features such as fingerprint or facial recognition.
- Install free mobile device management software that enables you to activate device tracking so that lost and stolen devices can be tracked, locked or wiped.
- Avoid using unsecured public Wi-Fi hotspots such as those in bars and cafes to access your business accounts. Use 4G or 5G mobile networks with built-in security features instead.
- Implement two-factor authentication to access all business accounts.
- Back up data in the cloud. When you back data up in the cloud, it’s stored in a different location from your physical premises. This means it can be accessed even if ransomware hackers freeze you out of accounts you ordinarily use to access data.
- Use an email agent that has a properly configured spam filter. This will eliminate a large percentage of attacks that land in your staff’s inboxes.
Cybersecurity and IT Support in London
Improving your cybersecurity defences may seem expensive, but some of the most important solutions are already built into software packages or have minimal cost.
Most cybersecurity solutions certainly cost less than suffering a data breach. It’s reported that 60% of small businesses close their doors within three months of a data breach.
Companies don’t go out of business due to the financial penalties issued by the Information Commissioner’s Office under the powers of GDPR. Most businesses suffer from data protection laws because legislation says they have to report data breaches to stakeholders if the individuals affected could be “at risk of becoming a victim” of cyber criminals.
Customers are “at risk” if the data you store could reveal their identity or cause them to suffer financial loss. For example, an email address is considered sensitive because email addresses are typically used as a credential for accessing online accounts.
Whilst technological solutions play a part in building cybersecurity defences, inexpensive IT security strategies eliminate the majority of threats. Our seasoned IT professionals in London help businesses continuously improve their cybersecurity defences by incorporating affordable cybersecurity strategies into a managed IT support package.
For more information, contact us today and speak to a member of our knowledgeable senior management team. We provide customised IT packages and have extensive knowledge that enables us to identify affordable cybersecurity solutions that fit the IT budget of our clients.