André Lameiras, security writer at ESET, explains how businesses without the resources and technological expertise of large organizations can defend themselves against cybercriminals.
Running and growing a business is hard work even in good times, but times of crisis bring a fresh crop of challenges. And as our reliance on technology for so many aspects of our lives increases, so does the realization that global or even regional crises and emergencies will ultimately have ramifications in the digital realm.
Two years ago, many lives and livelihoods were suddenly left hanging in the balance with nary a warning. The COVID-19 pandemic revealed our collective fragility and the inevitably pell-mell rush to off-site working put the resilience of many businesses to the test, all the while creating fertile ground for cybercrime.
The pandemic hasn’t run its course yet, and cybersecurity practitioners are sounding the alarm about another global hazard – the risk of major cyber-fallout from the war in Ukraine that may disrupt the operations of organizations around the world and in some cases trigger a cascading crisis.
The risk is acute for government agencies and multinational corporations all the way to perhaps the most vulnerable – small and medium-sized businesses (SMBs). Devoid of the resources of their larger brethren, small companies may find it particularly difficult to defend themselves against cybercriminals or to bounce back from a successful attack.
With much of the media coverage focused on truly big security breaches, many small business owners might be forgiven for thinking that they’re safe. Far from it. These days, no company is too small to be noticed by the criminally-inclined – or become collateral damage from attacks aimed at other targets. Too often, companies fall victim to attacks that are indiscriminately deployed at scale to haul in a bigger catch.
SMBs are known to be the sweet spot of cybercrime, having more assets and money than consumers, but less sophisticated cyber-defenses than bigger enterprises. Regardless of their size and stage of preparedness, businesses should regularly evaluate their incident response capabilities, even more so in times of increased risk.
If your company is only now assessing its security risk, it is safe to assume your security posture is at a fledgling stage. There are, however, a few simple steps that you can immediately take to protect your data and the data of your employees:
IBM’s Cost of a Data Breach Report 2021 revealed an increase of 10% from the year prior in the average cost of a data incident, corresponding to a total of US$4.24 million – an amount that covers legal, regulatory and technical expenses caused by malicious attacks on the 537 companies under review. Such an amount is much higher than the investment that companies could make to avoid similar situations.
Following these simple steps will take your security to the next level, but expect attacks to happen. When they do, know who to call for support as threats can show themselves in different shapes and forms. Remember that your client’s data is just as valuable to you as it is for the attackers. They can use it for illicit purposes, share it online to damage your company’s credibility, or steal it to pressure you to pay a ransom. Also, they can simply wipe it out with no apparent motive and seriously harm your business.
Times are tough. Business owners need to add a few more concerns that were not part of their security checklist just a short time ago. But don’t be overwhelmed: making sure that your passwords are strong and your employees understand the need to follow your security policies is a good starting point.