{"id":8089,"date":"2022-05-04T16:41:54","date_gmt":"2022-05-04T15:41:54","guid":{"rendered":"https:\/\/cybersmart.com\/?page_id=8089"},"modified":"2022-07-26T14:34:34","modified_gmt":"2022-07-26T13:34:34","slug":"cybersecurity-for-smes","status":"publish","type":"page","link":"https:\/\/cybersmart.com\/cybersecurity-for-smes\/","title":{"rendered":"Cybersecurity for SMEs"},"content":{"rendered":"\n
However, when it comes to cybersecurity for SMEs, things get confusing. As an SME owner, you probably have a limited budget (not to mention time) for cybersecurity.<\/span><\/p>\n And, with so many different tools and options available, how do you see the wood for the trees?<\/span> Well, we\u2019ve got you covered. Strap yourselves in for a whistlestop tour of cybersecurity for SMEs. We\u2019ll cover why good cybersecurity is so important and the main threats SMEs face, and explain some of the tools you can use to protect your business.<\/span>\n However, among small business owners, there\u2019s often a misconception that it only happens to large, high-profile organisations. After all, why would a cybercriminal attack a start-up or small business with little to steal?<\/span><\/p>\n Unfortunately, this couldn\u2019t be further from the truth. An SME is successfully hacked every 19 seconds in the UK,<\/span> according to Hiscox<\/span><\/a>. And over <\/span>88% of UK businesses <\/span><\/a>suffered a data breach in the last year. That\u2019s a lot of SMEs when you consider that the <\/span>FSB estimates<\/span><\/a> small businesses account for 99.9% of the business population.<\/span><\/p>\n For those SMEs who are successfully breached, the fallout can be disastrous.\u00a0<\/span><\/p>\n First, there\u2019s the financial impact. Cyber breaches cost the average small business<\/span> \u00a325,700 in basic \u2018clear up\u2019 costs every year<\/span><\/a>. But it\u2019s not just clean-up costs: systems downtime during and after the breach could impact productivity and cost you valuable business. And this is before we factor in the payment of any ransoms or theft of financial assets.\u00a0<\/span><\/p>\n Then there\u2019s the reputational damage and loss of customer trust. 
It can take years to build customer relationships; a successful cyber attack can undo that in seconds.\u00a0<\/span><\/p>\n Finally, a cybersecurity breach can come with legal consequences for your business. Data protection and privacy laws require businesses to secure any personal data they hold \u2013 both for staff and customers. If this data is leaked or compromised and you\u2019ve failed to adequately protect it, you could face a hefty fine or regulatory sanctions.<\/span>\n Can you be sure your people will follow the same security protocols they would in the office? The networks, devices, and security tools your staff use at home are likely to be far less secure than those in the office. And it\u2019s not just the tools they use; as ZDNet has reported, 52% of employees believe they can get away with riskier online behaviour when working from home.<\/span><\/p>\n So it\u2019s perhaps not surprising that 91% of global businesses have seen an increase in cyber attacks as a result of employees working from home. <\/span><\/p>\n For more on remote working, <\/span>download our ebook<\/span><\/a>. <\/span>Ransomware is the new kid on the block when it comes to cyber threats for SMEs. Once a concern for big-name businesses with large budgets, ransomware is increasingly affecting SMEs as cybercriminals switch their focus to easier targets.<\/span><\/p>\n Sadly, this is also backed up by the statistics. 1 in 2 SMEs have been attacked by ransomware and more than 73% have paid out to get their data back. The consequences can be disastrous, ranging from company downtime to reputational damage and even bankruptcy.<\/span>According to research, up to 80% of cyberattacks now begin in the supply chain. Cybercriminals have realised that to target high-profile businesses, you don\u2019t need to attack the organisation itself. 
Big corporate enterprises often have the best cybersecurity tools and processes, so breaching their defences is difficult.<\/span><\/p>\n However, the SMEs who supply or provide services to these big companies usually have far more modest defences. And, crucially, they provide a \u2018backdoor\u2019 into bigger organisations by being part of the supply chain. A breach at even the smallest link in the supply chain can have dire consequences for everyone within it. And this makes SMEs a prime target for cybercriminals with an eye on big enterprises.<\/span><\/p>\n Read more on supply chains here<\/span><\/a>. <\/span>Most of us know the importance of strong passwords, but that doesn\u2019t stop us from using the same easily guessable phrase we\u2019ve been using since 2001 for everything. We\u2019re only human after all.<\/span><\/p>\n The problem is that this poses a huge security risk. Research from the UK\u2019s National Cyber Security Centre (NCSC) revealed that the 100,000 most commonly used passwords were responsible for millions of breaches worldwide. And it only takes a cybercriminal to crack one insecure password in your business for disaster to strike.<\/span><\/p>\n Read more about the importance of passwords <\/span>here<\/span><\/a>.<\/span>Without a doubt, the most common cyber threat to small businesses is a phishing scam.<\/span><\/p>\n A recent report from CybSafe reveals that <\/span>nearly half (43%) of UK SMEs were targeted by a phishing attempt in 2019<\/span><\/a>. Even more alarmingly, two thirds (66%) of those attempts were successful, demonstrating the threat phishing scams pose.<\/span> To find out more, <\/span>check out our blog on the subject<\/span><\/a>. <\/span>\n From government-backed certifications to simple fixes, here are a few of the options open to you for improving your cybersecurity.\u00a0<\/span>\n <\/p>\n Cybersecurity certifications are a relatively new invention. 
For example, the UK government\u2019s Cyber Essentials scheme was only conceived in 2014 as a response to growing concerns about businesses\u2019 cybersecurity. <\/span> But what are they and how do they work? And, more importantly, why should you bother?\u00a0<\/span> <\/span>\n Although all the major certifications have subtle differences, they do offer a few key benefits in common.<\/span><\/p>\n Cyber Essentials<\/span><\/a> is a government-backed certification scheme, covering the essential actions every business should take to ensure its protection from cyberattacks. Think of it as \u2018cyber hygiene\u2019 \u2013 a bit like washing your hands, brushing your teeth or wearing a face mask.<\/span><\/span><\/p>\n The scheme assesses five key criteria:<\/span><\/p>\n Getting Cyber Essentials certified is a requirement for many government tenders and can protect your business from 98.5% of cybersecurity threats.\u00a0<\/span><\/p>\n But the benefits don\u2019t end there. It\u2019s also a great indicator of your business\u2019s commitment to security, making you stand out as trustworthy and safe to potential partners and customers.<\/span>Cyber Essentials Plus<\/span><\/a> is the older, slightly more involved sibling of the standard certification. It has the same requirements as Cyber Essentials (you must have all five security controls in place) but differs in one crucial aspect.<\/span><\/span><\/p>\n While Cyber Essentials is self-assessed, Cyber Essentials Plus also includes an independent assessment carried out by a licensed auditor. After you\u2019ve completed the self-assessment portion of the certification, an auditor will either come to you or remotely access your network and manually check for the five Cyber Essentials controls.<\/span><\/p>\n This provides you with absolute assurance that your cybersecurity is up to scratch. 
And customers don\u2019t have to take your word that you\u2019re cyber secure \u2013 they can rely on the expertise of a professional.<\/span><\/p>\n To find out more about Cyber Essentials and Cyber Essentials Plus, <\/span>download our handy guide<\/span><\/a><\/span>.<\/span> <\/span>Complying with <\/span>GDPR<\/span><\/a> has a reputation for being complex, costly and time-consuming. But it doesn\u2019t have to be. At its heart, GDPR is simply about safely securing data and preventing breaches.<\/span><\/span><\/p>\n The Cyber Essentials certification covers some elements of GDPR compliance. However, for those customers who want complete assurance, we recommend the IASME Governance certification.<\/span><\/p>\n The IASME Governance certification addresses many of the same things as Cyber Essentials but goes much deeper. The assessment criteria include 110 questions based on the following areas:<\/span><\/p>\n Many of these questions cover GDPR specifically, giving you much greater coverage for GDPR compliance than Cyber Essentials.<\/span><\/p>\n To find out more about GDPR and the certification options open to you, <\/span>download our guide<\/span><\/a><\/span>.<\/span> <\/span>\n It\u2019s best understood as a \u2018tunnel\u2019, used only by you, between your workplace and wherever you\u2019re working from. Essentially a VPN keeps you safer and offers a greater level of privacy than a regular connection.\u00a0<\/span><\/p>\n For the lowdown on VPNs, check out our<\/span> blog on the subject<\/span><\/a>. <\/span>Encryption is most commonly used to protect data in transit and at rest. Ever sent a Facebook Messenger or WhatsApp message? That uses encryption. Or, a payment using online banking? Also encryption. How about buying something from a web store? You guessed it, encryption again.<\/span><\/p>\n You get the picture. 
Encryption is used everywhere in our daily lives, but how does it work?<\/span><\/p>\n In non-technical terms, encryption is a way of randomising data so that only an authorised recipient can understand the information. Encryption takes plaintext \u2013 for example, the text in an email between you and a colleague \u2013 and converts it into ciphertext, a seemingly random string of numbers and letters. To unlock the real message or data, you need an encryption key, which is a set of mathematical values that only the sender and the recipient of the message know.<\/span><\/p>\n For more on encryption, read our blog, <\/span>Encryption explained: how does it work and why do SMEs need it?<\/span><\/a>Anti-virus and anti-malware software are by far the most common cybersecurity tools used by businesses to protect themselves. Unless you\u2019ve been internet-free for the past couple of decades, chances are you already have one.\u00a0<\/span><\/p>\n What\u2019s more, you probably already have a good idea of what they do (detect and stop malicious traffic from infecting business systems and devices). However, with so many options on the market, it can be difficult to choose the right software for your business. So, we put together our <\/span>Top 10 Antivirus products <\/span><\/a>for SMEs. <\/span>Remember how your mum would fix your school uniform with a patch of similarly coloured fabric when you ripped it falling over in the playground for the hundredth time? Well, the same principle applies to patching in cybersecurity.<\/span><\/p>\n Over time, even the best software develops vulnerabilities, suffers a breach, or simply becomes outdated. It could be that the software was built with vulnerabilities that weren\u2019t anticipated at the time or it might be that a new cyber threat has emerged. 
Whatever the reason, software developers get around the problem with security patches.<\/span><\/p>\n Just like the million little fixes to your school trousers, security patches are small adjustments. They don\u2019t change the fundamental function of the software, but they do get rid of \u2018holes\u2019 a cybercriminal might exploit to access your data or systems.<\/span><\/p>\n We bang the patching drum a lot at CyberSmart. But, as repetitive as it might be, there\u2019s a very good reason behind our love affair with patching.<\/span><\/p>\n Regularly updating your software and operating systems is the easiest, most time-efficient way to improve your cybersecurity. Even the best software becomes outdated or develops gaps and, when it does, cybercriminals suddenly have an easy route into your business.<\/span><\/p>\n Fortunately, avoiding the worst is incredibly easy and it shouldn\u2019t take you more than a couple of minutes each month. All it requires is that you check every now and then for any new updates to tools and software you use. Or, if you want an even easier solution, simply turn on auto-updates in your device\u2019s settings, and you won\u2019t even have to think about it.<\/span><\/p>\n For more on patching,<\/span> read this blog<\/span><\/a>Before we get into password management tools, there are several things you can do to improve your business\u2019s password security.\u00a0<\/span><\/p>\n Start by using unpredictable passwords. The <\/span>NCSC recommends<\/span><\/a> combining \u2018three random words\u2019 that are memorable but not easy to guess. Then, set up different passwords for each account you use.\u00a0<\/span><\/p>\n
\n<\/span><\/p>\nWhy is cybersecurity so important?<\/b><\/h2>\nAwareness of the threat posed by cybercrime is pretty good. By now we\u2019re all used to seeing headlines about the latest data leak or ransomware saga.\u00a0<\/span><\/p>\n
What are the main threats SMEs face?<\/b><\/span><\/h2>\n2020 was the year the world of work changed forever. But while remote working offers many benefits to SMEs, from happier, more productive staff to real estate savings, it also brings risks with it.<\/span><\/p>\n
\n<\/span>For more on how to avoid phishing scams, <\/span>read this<\/span><\/a>. <\/span>According to recent research,<\/span> 95% of cybersecurity breaches are caused by human error<\/span><\/a>. <\/b>However, before you start picking on Barbara in accounts, it\u2019s important to note that most cybersecurity experts agree that \u2018blaming\u2019 staff for cybersecurity failures isn\u2019t productive or helpful.<\/span>
\n<\/span>Instead, they advocate adopting a no-blame culture when it comes to cybersecurity, more on which in the training section.\u00a0<\/span><\/p>\nHow can SMEs protect themselves from cyberattacks?<\/b><\/span><\/h2>\nSo far, we\u2019ve dealt mostly in doom and gloom. However, there\u2019s plenty SMEs can do to protect themselves from most cybersecurity threats, often at little cost.\u00a0<\/span><\/p>\n
Cybersecurity certifications<\/b>
\n<\/b><\/b><\/span><\/h2>\n
\n<\/span>However, while they might be new, certifications have quickly become an important part of the fight against cybercrime.\u00a0<\/span><\/span><\/p>\nThe benefits of cybersecurity certifications<\/b><\/span><\/h3>\n
\n
\n
\n
Tools<\/b><\/span><\/h2>\nIn simple terms, a VPN (or virtual private network) allows you to connect to business systems securely while using a public network. A \u2018public\u2019 network could be the free connection you get on public transport, the WiFi at your favourite cafe, or even your home internet router.<\/span><\/p>\n