Cyber Criminals Don’t Care If You’re An Enterprise Or Not

There is an age old saying, the bigger something is, the harder it falls. In relation to cybercrime, it doesn't matter what your business size is; when you get hit without proper precautions in place, you will get hit hard.

It has become standard for SMBs to believe they are safe because they don't have the same financial value as fortune 500 companies. Yet hungry cyber criminals are able to pilfer different types of data for their own advantage. In fact, any of your pieces of 'Personally Identifiable Information' (PII) such as name, address, phone numbers, date of birth, email addresses, bank details, and online usernames and passwords can be used or sold for handsome dividends.

KPMG UK partner Stephen Bonner suggested that,

It is possible that our willingness to share and shop online will let criminals become more selective about who they target. They won’t need to maintain the current ‘hit and hope’ approach of spear phishing, instead only attacking specific users and computers based on the data these give away about their owners.”

Not only are cyber criminals stealing this information, but they are coming up with more creative and sophisticated ways of doing it, such as targeted malware attacks and sophisticated spam. It appears that businesses aren't just facing a high volume of threats, they are also dealing with less onslaught and more highly advanced and cleverly disguised threats. Subsequently, businesses (regardless of size or professional profile) that have never really given much thought about online security, have now become the easy targets.

This is reflected in key findings from The Global State of Information Security Survey 2015 by PWC. This shows a 64% jump in the number of incidents detected by medium sized organisations (those with revenues of $100 million to $1 billion).The current cost of these security breaches is not a pretty penny. In the same study, the Center for Strategic and International Studies noted that while there are difficulties in estimating the full financial impact of cybercrime, the estimated annual cost to the global economy ranges from $375 billion to as much as $575 billion.

It is interesting to note that while 48% of CEOs globally are concerned about cyber threats to their organisation, including a lack of data security; security budgets have actually decreased by 4% compared to 2013.

So, SMBs know there are more advanced threats from spam containing malware, but aren't raising IT security budgets to match demand - doesn't really make sense, does it? But there are some very simple things SMBs can do to help mitigate risk without digging too deep into the pocket.

Educate your employees
Training staff on what to look out for and best security practices is the first step, as most security breaches start with unaware email and web users. Hold regular training sessions for all staff around basic security threats and preventative measures, including not opening email attachments or clicking on suspicious links.

Put in a password policy
Larger companies that deal with sensitive data tend to put in password policies. This includes changing passwords every 60 to 90 days, setting rules to ensure passwords are more complex, and using different passwords for various systems. Utilising password managers for multiple passwords will also assist to make the process run smoothly.

Regularly back up data
Around half of SMBs do not regularly back up their critical data. With such a spike in malware and ransomware attacks like Cryptolocker, implementing automated data backups and a disaster recovery plan will help to reduce the impact from a data breach.

Implement data protection services, policies and procedures
As you educate your staff, make sure that you put practical policies and procedures in place, especially around possible security concerns like BYOD (Bring Your Own Device). Utilising outsourced managed security services such as email and web filtering will help your business to employ sophisticated technology that can detect any web and email bourn threats.

To learn more about services that can help protect your business, take a look at the blog prepared by MailGuard: The Key To The Best Malware And Spam Protection.

If you enjoyed this article, be sure to 'Like' it and 'Share' it with the LinkedIn buttons below!