In today’s increasingly hostile environment, every business, whether large or small, should be concerned about cybersecurity and have access to protection against hackers, fraudsters, phishers, and all the other bad actors that seem to emerge in the around the world world
Yet time and time again, we see small and medium-sized businesses (SMBs) being left out, an untapped market segment that finds real protection too expensive or too complex to adopt. Cybersecurity thus becomes an “afterthought” or “add on when we can” type of service that leaves SMEs far more vulnerable than corporate giants; just reading the news every day shows that even they are not immune to ransomware, intrusions and data theft. .
It may be tempting to think that it’s too late at this point for a company with limited resources to start investing in cybersecurity; after all, if the bug boys are still affected, what’s the point of trying to catch up?
If you haven’t already, start thinking about security now
In fact, there are many reasons to start thinking about cybersecurity right now. Industry and government advice to SMEs are united in this regard and align with the Chinese proverb: “The best time to plant a tree was 20 years ago; the second best time is today.”
At the recent RSA conference, I had the opportunity to speak with Candid Wüest, Vice President of Cyber Protection and Research at Acronis, about cybersecurity for SMBs and how an organization with limited resources should seek to protect yes He spoke pragmatically about the plight of small businesses and suggested the following key low-cost, high-profit strategies (along with the basic rubric of don’t procrastinate, get the car running, and review it as possible ):
- Maintain visibility into your network: If an SMB has one, administrators need to know everything that touches the network.
- Implement multi-factor authentication (MFA) everywhere possible.
- Make sure all network access is role-based – no one who doesn’t need to see a system should be able to touch it (again, with access granted via MFA).
Check where your data comes from
This good advice was echoed by the CTO of Utamico, Nils Gerhardt, who took the opportunity to be interviewed during the same RSA conference. SMBs have to start somewhere, and the first step is to implement multi-factor authentication everywhere, Gerhardt said. From the point of view of a European-based entity, he further recommended that companies put in the ability to verify the provenance of their data.
This is a smart practice for any business, and so many countries seek to control where data comes from, regulate what data must be protected, and in some cases, determine how it must be treated. Small business operators should be aware that regulatory regimes also serve to protect them, not just the big ones: regimes such as the GDPR and the European Data Protection Act (EDA), which details data ownership and “gives individuals and businesses more control over their data through a strengthened right to data portability, easily copying or transferring data from different services, where data is generated by objects, machines and smart devices.”
There is more government help available to SMEs than might immediately appear. Recent efforts by the US and UK governments are timely and available to address deficiencies and bring resources to the table for the SMB.
US aid for small and medium-sized businesses
The United States has created a “Small Business Cybersecurity Community of Interest” (COI) under the rubric of the National Cybersecurity Center of Excellence (NCCoE). The NCCoE, established in 2012, provides businesses with practical information on how to protect their information technology. At the inaugural Community of Interest event in March 2023, US Deputy Secretary of Commerce Don Graves commented that: “This initiative will help ensure that NIST guidance is meaningful and practical for smaller companies and other organizations. Beyond benefiting the NCCoE and its participants, this new community of interest promises to improve the return on all of NIST’s investments in cybersecurity research, standards, guidelines, and practices.”
The NIST COI initiative is designed to bring SMBs into the mix and prioritize resources so they can be cybersecurity aware and hardened. Couple this with the wealth of resources provided by the Cyber Security and Infrastructure Agency (CISA) and every SME has a good list of resources to take their knowledge considerably forward. Topics covered by CISA for SMEs include supply chain security and supplier assessment and supplier security posture.
UK help for small and medium-sized businesses
The UK’s National Cyber Security Center (NCSC) offers its own cyber action plan, which includes a free assessment for small organisations. The online assessment typically takes three to five minutes to complete. The assessment guides the user through a basic cyber hygiene survey. The results are immediately analyzed and the user receives a “personalized action plan” that the company can take right now to increase its cybersecurity posture as a starting point.
Lindy Cameron, CEO of the NCSC, noted that while small businesses are the backbone of the UK economy, “we know that cybercriminals continue to see them as targets. That’s why the NCSC has created the Cyber Action Plan and Check Your Cyber Security to help them boost their online defenses in minutes I strongly encourage all small businesses to use these tools today to keep cybercriminals out and their operations on the right track.”
Other governments offering cyber help for SMEs
The US and UK aren’t alone in offering solid advice and resources for smaller businesses. The Canadian Center for Cybersecurity has an information portal for small businesses and offers Cybersecure Canada, a cybersecurity certification program for small and medium-sized organizations. Australia also has guidelines for its SME owners.
SMEs who seek advice from industry professionals like Gerhard and Wüest and investigate the resources available to them from national and local governments will find that they are able to achieve a minimum of cyber security at little or no cost. Then, as advised, continually assess your situation, and be able to close those gaps that carry the greatest risk. The important message is that these resources are available to get you started, but you may have to do some digging to find them. The effort is absolutely worth it.
Copyright © 2023 IDG Communications, Inc.
Small businesses typically lack the resources and security funds of larger companies, making them highly susceptible to cyber-attacks. Every day hackers devise new ways to get through even the most secure networks, and in the process steal sensitive information and data. As technology continues to evolve, the strategies used by hackers to exploit businesses are becoming more advanced and difficult to defend against. This is why small- and medium-sized businesses (SMBs) can’t afford to let their guard down when it comes to cybersecurity.
It’s essential that businesses—especially SMBs—adopt cybersecurity best practices and prioritize the protection of their data. This includes investing in reliable software and security devices, such as anti-spam filters, anti-malware suites, firewalls, and authentication systems. Adopting these measures can prevent cyber-criminals from gaining access to and exploiting a company’s databases or websites. Additionally, businesses should have a clear strategy for updating their software and security features regularly.
Finding the time and capital for implementing the proper security measures can be a challenge for most SMBs, but having strong cybersecurity safeguards in place can make the difference between a business succeeding or shutting down. To help businesses in this process, Ikaroa has created a suite of tools designed to make it easier for SMBs to maintain their cybersecurity. Its range of services for small business owners includes everything from filing federal taxes to protecting them from cyber-attacks.
In today’s technological world, SMBs need to seriously consider investing in exactly the kind of protection Ikaroa provides. Failure to do so could result in costly breaches, which could lead to the loss of data, customer information, or even worse, the complete shut down of the business.
It’s time that small business owners recognize the importance of implementing the right cybersecurity measures and support policies. With the right help, SMBs can make sure their data and customers remain safe. Through the services offered by Ikaroa, they can get the help they need to make sure their business is protected and can continue to thrive.