at small and mid-size enterprises (SMEs) rank cyber security as their lowest priority. Many people continue to believe that cyber security for small business is an unnecessary luxury and something only big corporations should worry about. Many smaller businesses simply don’t hold cyber security in the same regard as physical security or other threats to their company.
But recent security incidents have proven that it’s not really the size or the industry of the company that matters. Cyber criminals are extremely motivated—after all, data is valuable—and always coming up with strategic new ways to gain access to company systems.
So, if cyber security is no longer only for the largest of enterprises, who really is a target? And what can the average SME owner do about the cyber threats targeting their company? Here are eight signs that your business should really start thinking about cyber security.
1. You collect personally identifiable information
Many SMEs underestimate their risk level and assume that they don’t have any data worth stealing or they’re too small to even be noticed. In one survey, reported believing they’re not targets. On the contrary, smaller organizations fall into a sweet spot because they collect the same types of data as a larger company without the security of one.
Take time to assess the type of data you collect. Do you collect full names and home addresses? Do you store newsletter subscribers’ email addresses? What about your employees’ information? If you answered yes to any of these, it’s time to invest in a proper cyber security solution.
2. You conduct financial transactions
Any business that makes financial transactions online should take cyber security seriously. Whether you’re a mid-sized retailer selling through your website or a small charity accepting online donations, you collect and store financial data that is very valuable to cyber criminals.
Financial credentials are so valuable that a cyber threat specifically targeting online stores is emerging. E-skimming occurs when a cyber criminal accesses a store’s web server (or a common server supporting several online stores) and intercepts financial transactions. The threat is real and growing, with the “millions of credit card numbers have been stolen, even over the course of the past two years.”
3. You’re governed by cyber security regulations
Each year, more and more countries and industries are developing cyber security regulations, and each year it seems the standards get higher.
In Canada, we have the Personal Information Protection and Electronic Documents Act (PIPEDA). European Union (EU) member states are governed by the General Data Protection Regulation (GDPR). Those in the healthcare sector have the Health Insurance Portability and Accountability Act (HIPAA). The retail, finance, insurance, and energy industries all have their own regulations too.
Noncompliant businesses may be subjected to fines and, for smaller businesses, these fines are crippling. If you don’t know which regulations govern your organization (or if you know them, but not how you measure up), that’s a sign you should start thinking about cyber security.
4. You have employees or volunteers
When it comes to cyber security, your employees are your weakest link. A recent study has shown that one of the is employee negligence. So, if you have employees or volunteers who use technology to carry out their work, cyber security is necessary.
Employees are an easy target because most have adopted poor cyber security habits (such as using the same password for everything!) and bring these same practices into the workplace. No matter how many security tools you have, an employee with poor cyber security habits is a risk.
Cyber criminals also know that many employees are either negligent, or simply too busy to notice malicious tactics, and use this to their advantage. This is why phishing—the to lure the recipient into opening a malicious link or file—is such a popular means for threat actors looking to breach your systems.
What’s worse, and becoming harder to detect. Cyber criminals have started using new platforms such as social networking sites, file-sharing services, and online video games to carry out their phishing scams.
5. You work with third-party vendors
Supply chain attacks are a major risk that any organization working with third-party vendors should recognize and protect against. Just as employees can be a weak link, so can your suppliers and partners. The problem is that even if your own cyber security is set up properly, your vendors’ may not be.
In one case, the point-of-sale (POS) system in thousands of Target stores was infected with malware, breaching the credit and debit card information of . An investigation concluded that cyber criminals infiltrated the POS system by stealing the credentials of one of Target’s vendors.
6. You’ve adopted modern technology policies & remote work
Like many businesses during COVID-19, you’ve probably been forced to quickly adopt modern technology practices such as Bring Your Own Device (BYOD) and remote work, without time to update your cyber security strategy.
Enabling employees to work remotely or use their personal devices long-term is appealing to business owners because you save money upfront, improve productivity, and can attract top talent. While convenient, this brings about a whole new set of risks and, unless you have a strong cyber security solution for remote work in place, may end up costing you in the long run.
Employees who use their own devices in-office or rely on them for remote work, for example, may be using an outdated device that leaves them vulnerable to a cyber attack. And if they’re working from home on their personal network, the risks are greater.
7. You use outdated technology
Outdated technology, such as legacy software, is more vulnerable to security attacks. WannaCry—the infamous ransomware that caused serious damage to organizations around the world—. And because many larger organizations depend on outdated technology, WannaCry caused an unprecedented amount of damage.
“Set it and forget it” doesn’t apply to software or cyber security. If your business may be running outdated technology, it’s time to take cyber security seriously before cyber criminals have a chance to exploit the holes in legacy systems. Remember, the cost of an attack greatly outweighs the cost of updating your technology.
8. You have zero visibility of your network
Do you know what your IT network looks like? Do you know each device that accesses your network? Do you know where your data is stored, how it’s transferred, or who has access to what? If you don’t, it’s time to make cyber security a priority.
Cyber security can quickly fall by the wayside due to other IT emergencies or priorities. For smaller businesses without a fully staffed security team, network protection becomes a bonus instead of a necessity. But this is the wrong outlook.
Thankfully, there are best practices and tools available that can give you a clearer view of your network and vulnerabilities, so you can proactively defend against cyber threats.
Here’s what you do next
The consequences of a cyber attack can be among the most devastating a business can face. There are big costs associated with a cyber attack, regardless of whether the main goal was to take your systems offline, compromise confidential data, or damage the company’s reputation.
Most businesses today aren’t prepared to detect and defend against cyber threats, especially with the growing cyber attack potential for remote workers. For situations like those, monitoring solutions such as Field Effect’s Covalence threat monitoring and detection platform can provide the visibility to protect from cyber threats and help improve the security of your business.