It’s probably no surprise by now that many Small and Business Enterprises (SMEs) in Singapore are ill-equipped in defending themselves from cyberattacks. Many seem to think that they are "too small" to be targeted by cybercriminals, that they have “nothing worth stealing”. Unfortunately, the truth could not be further from that, according to the Cyber Security Agency of Singapore (CSA), almost 40 percent of cyberattacks in Singapore target SMEs.
As large enterprises continue to increase their spending on cybersecurity, cybercriminals are turning to the easier and weaker targets. Just like in business where we always prioritize finding the low-hanging fruits, why wouldn’t cyber criminals do the same?
Begging the question, what do SMEs stand to lose?
The most obvious answer would be of course money. As do most other criminals, cyber attackers are doing this for financial reasons, for example, unauthorized or fraudulent transfers, ransom payments after ransomware infection and selling your stolen confidential business data either to competitors or the black market.
However, the impact on your business is much more than that. After paying for the ransom, or having wrongly transferred money to these cybercriminals, you are still stuck with having to deal with the loss of productivity, loss of reputation and even legal liabilities. For smaller businesses, either of these might just be enough to be put out of business.
So, how can SMEs be better equipped for this?
Every year, we hear cybersecurity companies and experts from all over the world talk about how the cyber threat landscape is evolving and how we should prepare for it. And that is fantastic, but these solutions are typically designed for large enterprises, financial institutions and even government bodies who will spare no expense to ensure that their data is kept safe.
For the majority of us who are small to medium-sized businesses that do not have hundreds of thousands or millions of dollars budgeted each year to invest in cybersecurity, what can we do?
While indeed, putting tangible cost into an intangible result may not seem like the best way to be spending your hard-earned money, especially during difficult times, here are a few things that SMBs can do to prevent and be better prepared for cyberattacks.
1. Keep Your Devices Updated & Patched
Over the years, we have serviced no less than 1000 businesses in Singapore. And one of the most surprising things that we noticed is the number of unpatched devices (computers, laptops, servers) and sometimes we even find anti-virus software that has the auto-updates turned off or devices that are so old that the manufacturer ceased supports and updates for them years ago.
You might think that this obvious that updates and patches must always be applied, after all, whenever a new malware or bug is found, these updates and patches are supposed to help fix that. But is this process automated? Is there anyone within your organization to enforce this? Employees tend to stop or turn off updates for their devices not to intentionally expose the business to cyberattacks, but most of the time, it is because they find that it slows their computers down and affects their productivity.
2. Staff & Employee Education
As the saying goes, human error is the weakest link in cybersecurity, you can spend millions every year getting the best and latest cybersecurity tool available, but if you have just one employee that clicks on everything that comes his/her way, you are still susceptible to cyberattacks. Phishing emails and malicious webpages are the 2 most common a user will get infected or have their digital credentials stolen. Most users also use the same password across multiple different platforms between personal and business. A single password leak can cause the entire organization to be exposed.
Educating all staff and employees on cybersecurity awareness is now more important than ever with most businesses having at least half their workforce working remotely or working from home, these “home offices” may not have the same security setup as in the office. After all, it would be a financial and logistics nightmare if you have to physically install a firewall in every employee’s home.
3. Business Continuity Plan (BCP)
Having a plan to follow in the event of any disaster is essential, and yes, a cyberattack is a disaster considering the amount of time and money needed just to get everything back into order. A business continuity plan doesn’t just allow you to get your operations up and running quickly but also gives you clear next steps to follow in moments of panic.
The most important component when it comes to business continuity is having recoverable copies of your data and multiple copies of it stored in a separate location. In the event of a ransomware attack and all your files gets encrypted and becomes unreadable or when the physical device stops working, you would still have backup copies that you can recover from. After all, it wouldn’t do you any good when your laptop goes missing, that both your files and the backup copies of it are on the same laptop.
4. Cyber Insurance
Yes, cyber insurance. We are talking about insurance that is offered by traditional insurance companies. It covers things like business interruption/disruption, data loss recoveries, liability claims, and the list goes on.
Of course, it goes without saying that as to all other insurance, it requires the business that they are insuring to have some level of cybersecurity in place. Some insurance companies do have offerings for SMEs alike.
“Each SME is unique hence their readiness for IT Cyber Security will be at different stages. We recommend SMEs to look at how security beaches will affect their business as a whole, with budget allocation and investment in areas that allow the continuance of their business even if their IT Security is breached. In this digitized world, it is just a matter of time that we, SMEs will be hit by cybercriminals.” Ng Lye Kiat – Managing Director, AsiaCloud Solutions Private Limited.
If you wish to learn more about how you can better protect your business, call us for a free consultation.