How small businesses can (easily) stay on top.

24th November 2022

While much attention is paid to large cyber-attacks against corporations – think Wonga, Talk Talk and Tesco – small businesses are equally susceptible to cybercrime. According to a study by the UK government, almost half (48%) of small businesses reported having been impacted by a cyber breach or attack in the last twelve months. At the same time, research from the Federation of Small Businesses (FSB) reveals that 65% of SMEs are unprepared for such attacks.

What makes small businesses vulnerable is their lack of infrastructure and resources, especially compared to those that large companies can devote to IT security. With that said, there are some simple but impactful steps small businesses can take in order to protect themselves in the face of an ever-expanding attack surface. But first, a quick look at the challenges that small businesses are confronting.

The unique threat facing small businesses

As mentioned above, small businesses are especially vulnerable to cybercrime because of IT security spending constraints and staffing limitations. This common sense takeaway bears out in the data. According to a recent report by US IT security firm Barracuda Networks, an average employee of a small business with less than 100 employees will receive 350% more social engineering attacks than the average employee of a large enterprise. In seeking to trick people into divulging data that may prove materially or socially beneficial (credit card information, banking information, passport numbers) social engineering-oriented cyber criminals likely know that the hardware and software protecting enterprises isn’t always financially accessible to small businesses. Case in point: although cybercrime is up, in its 2022 Cyber Readiness Report Hiscox UK reported that overall small business IT spending is down – perhaps a casualty of pandemic-induced financial pressures, including global market fluctuations and supply chain woes.

Could empowering the frontline with data help businesses to stay resilient?
Trending
Could empowering the frontline with data help businesses to stay resilient?

Strategies for minimising data security risks

In the same Hiscox report, one in five respondents said they ‘risked insolvency because of a cyber incident’. While it’s easy to feel disheartened by this statistic – and the growing financial and security-related pressures small businesses must contend with – there are some simple and straightforward security best practices small businesses can immediately implement in order to minimise risk to their bottom lines.

The nuts and bolts: 2FA and strong passwords

To start, small businesses can protect their devices by always updating to the latest version of device software, updating browsers and operating systems, and installing reputable anti-virus (AV) software. They can further shore up device security with two-factor authentication (2FA), a technological approach that requires users to utilize two separate methods of verifying their identity in order to access an account. A useful definition for 2FA is that logging into a service involves something that you know, such as a password, and something that you have, such as your phone, hardware token, or other authentication code. According to a survey by the Cyber Readiness Institute, 54% of small businesses haven’t set up multi-factor authentication (another way of referring to 2FA and the most common way to describe the process beyond using one step to log in to an account). This is a fairly dismal showing when considering 2FA is the best strategy for combating risks associated with compromised passwords. While we’re on the topic of passwords, creating strong and unique passwords is non-negotiable. Passwords are the first line of defence for data. They should not be easy to guess and should not be reused across sites. While reusing passwords is tempting – most people rely on memory to ‘manage’ their passwords, which makes reuse common – it leaves data even more vulnerable.

The best, and most straightforward, strategy for managing passwords is to use a password manager. Password managers allow users to generate new, unique passwords that are then stored in a virtual vault. When a user visits a site or opens an app that is linked to the password manager, the password manager automatically fills in the user’s login name and password.

Most password managers are intuitive and engineered to be integrated into existing workflows with little disruption. They also require very little training. In short, they offer a lot of bang for their buck, especially when considering there are a number of good, affordable business password managers available on the market. Ultimately, password managers save organizations time, money, and peace of mind in the long run.

Knowing when to take a second look

Being aware of how to deflect phishing threats is also very useful. Phishing refers to the psychological strategies scammers use to manipulate humans into clicking on compromised links or divulging sensitive information. It can be done through emails, phone calls, and texting, and falls underneath the ‘social engineering’ umbrella mentioned earlier.

There are a few simple steps for staying safe from phishing attacks. To start, small business employees should check to make sure emails they receive look legitimate and are from a proper institution. They should hover over links to confirm they’re going to the right website and avoid clicking on links they’re unsure about – at least until confirmed by further research. Alternatively, they can directly log in to the account in question to confirm veracity. They should also avoid opening attachments from people they don’t know – or unexpected attachments from people they do know without checking first. Password managers themselves also help mitigate phishing attacks.

None of these recommendations involve purchasing technologies that break the bank or setting aside a slush fund for cyber insurance. They don’t necessitate AI, machine learning, threat teams, or the hiring of a Chief Security Officer. Just a little bit of upfront effort (taking the time for system updates, implementing 2FA/MFA and a business-wide password manager, and an awareness of risks) will pay off
in dividends.

We think you'll like:

Gary Orenstein

Unlock the Power of WiFi 6: How To Leverage It...

TBT Newsroom • 01st March 2023

Are you tired of being left behind in the technological world? Well, fear not! WiFi 6 is here to save the day and bring your business into the future. With unprecedented speeds and a host of new capabilities, WiFi 6 is the must-have technology for any business looking to stay ahead of the curve.

Sustainable Phones

TBT Newsroom • 04th May 2022

Cat phones (made by UK-based company Bullitt Group) are explicitly designed to be rugged, with devices built to last and have a longer lifespan. Industry Analyst firm Canalys notes that the current average lifecycle of smartphones in the mass market is approximately 37 months for iPhones and 33 months for Android devices.

From Credit Cards To Mobile Payment  

Ripsy Plaid • 27th April 2022

Plaid, the open finance data network, and payments platform have appointed Ripsy Bandourian as its first Head of Europe as it continues to rapidly expand across the continent. Based in Amsterdam, Ripsy will lead the business strategy and operations for Plaid’s Europe arm as it moves into its next stage of growth. 

How biometric technology can be used for remote proof of...

Chris Corfield • 08th April 2022

The pandemic has accelerated the adoption of digital financial services, driving organizations to speed up their transformation programs globally. Most banks, as well as pension providers, are still in the early stages of integrating technologies such as machine learning and artificial intelligence, and as the world continues to battle the long-term effects of COVID-19, the...