SMEs generally need to juggle many different tasks at any given moment. If you’re running a new SME, your focus might be on finding suitable premises, financing your operation, strengthening your team or simply staying afloat. With so many moving parts to consider, digital risk management can fall by the wayside. The risks, however, can be severe and are more prevalent in smaller businesses than they are in larger ones.
While cybersecurity is often front-page news, the headlines might give the impression that it is an issue that predominantly affects corporate giants. This could not be further from the truth. The harsh reality becomes evident in some eye-opening statistics:
- More than 70% of cyberattacks are committed against small businesses
- 50% of SMEs have reportedly experienced a cyberattack
- 60% of SMEs that fall victim to a cyberattack go bust within 6 months
The risks, then, are very real, which raises the question: what do SMEs need to know in order to protect themselves? Here are some ways in which you can keep your business protected, as told by ClusterSeven.
Make security a priority
Updates are often seen as more of an irritation than an aid. To make sure your networks and devices are as secure as possible, however, you have to be diligent about them. Get into the habit of downloading and installing updates and patches for your security software and operating systems as soon as possible. This will help to strengthen your first line of defence against cyber threats such as viruses and malware.
Back up your data
Backing up your data on a regular basis will ensure that you can regain access to all of your important information in the unfortunate event that it is somehow lost or stolen. Automating the backup process is the most thorough and efficient way to do this. Store copies of everything from documents to databases in the cloud or in a secure location offline.
Tighten up passwords and access checks
No matter how many warnings are given not to use obvious passwords, many still do just that. Make sure the passwords for your systems and accounts are complex and unique. Set requirements that all staff must abide by, which must include updating passwords regularly. At times it may be necessary to insist on additional checks to gain access to more sensitive information. While adding extra levels of authentication may be an irritant to your staff, the benefits in the face of a cyberattack will be worth it.
Adopt a need-to-know policy
Not every member of staff requires access to all of your data. While giving unfettered access may seem more convenient in the short term, it could have disastrous consequences if it proves to be the weak link in your security protocols. Only enable access to the systems and accounts that each employee needs for their role. Selected, top-line staff are really the only people who should have free access to your systems and data. In addition to this, see to it that no one can download or install any software without prior authorisation.
Reduce the human error risk
Unfortunately, most cyberattacks are ultimately down to human error. Whether it’s opening an email containing malware, not wiping data properly, or misplacing a mobile device, people are often the ones inadvertently responsible for security breaches.
While it’s impossible to protect against human error completely, you can at least help to reduce it. Make sure your employees are fully trained and aware of the risks and how to minimise them. This should be an ongoing process with regular refresher courses for all levels of staff, all the way up to top management. It should also be a standard part of your training program for new recruits.
Treat your mobile like your office
With more and more business being conducted remotely, it’s crucial that you extend the same digital risk management measures to all devices. It’s not enough to simply implement the steps above in the office. Wherever you have staff working from their phones, laptops, or tablets, you need to be vigilant about security. Make sure all devices have strong passwords and data encryption in place as well as security apps that are kept up to date.
Plan for the worst-case scenario
Finally, have a plan in place, just in case it all goes wrong. The best efforts in the world cannot offer 100% protection against a cyberattack. Being prepared in advance, however, gives you the ability to immediately swing into action and move to diminish any damage caused. This type of proactive approach has the added benefit of minimising downtime and the associated costs that come as a result of wasted productivity.