How small businesses can (easily) stay on top.

An image of , Cyber Security, How small businesses can (easily) stay on top.

While much attention is paid to large cyber-attacks against corporations – think Wonga, Talk Talk and Tesco – small businesses are equally susceptible to cybercrime. According to a study by the UK government, almost half (48%) of small businesses reported having been impacted by a cyber breach or attack in the last twelve months. At the same time, research from the Federation of Small Businesses (FSB) reveals that 65% of SMEs are unprepared for such attacks.

What makes small businesses vulnerable is their lack of infrastructure and resources, especially compared to those that large companies can devote to IT security. With that said, there are some simple but impactful steps small businesses can take in order to protect themselves in the face of an ever-expanding attack surface. But first, a quick look at the challenges that small businesses are confronting.

The unique threat facing small businesses

As mentioned above, small businesses are especially vulnerable to cybercrime because of IT security spending constraints and staffing limitations. This common sense takeaway bears out in the data. According to a recent report by US IT security firm Barracuda Networks, an average employee of a small business with less than 100 employees will receive 350% more social engineering attacks than the average employee of a large enterprise. In seeking to trick people into divulging data that may prove materially or socially beneficial (credit card information, banking information, passport numbers) social engineering-oriented cyber criminals likely know that the hardware and software protecting enterprises isn’t always financially accessible to small businesses. Case in point: although cybercrime is up, in its 2022 Cyber Readiness Report Hiscox UK reported that overall small business IT spending is down – perhaps a casualty of pandemic-induced financial pressures, including global market fluctuations and supply chain woes.

Strategies for minimising data security risks

In the same Hiscox report, one in five respondents said they ‘risked insolvency because of a cyber incident’. While it’s easy to feel disheartened by this statistic – and the growing financial and security-related pressures small businesses must contend with – there are some simple and straightforward security best practices small businesses can immediately implement in order to minimise risk to their bottom lines.

The nuts and bolts: 2FA and strong passwords

To start, small businesses can protect their devices by always updating to the latest version of device software, updating browsers and operating systems, and installing reputable anti-virus (AV) software. They can further shore up device security with two-factor authentication (2FA), a technological approach that requires users to utilize two separate methods of verifying their identity in order to access an account. A useful definition for 2FA is that logging into a service involves something that you know, such as a password, and something that you have, such as your phone, hardware token, or other authentication code. According to a survey by the Cyber Readiness Institute, 54% of small businesses haven’t set up multi-factor authentication (another way of referring to 2FA and the most common way to describe the process beyond using one step to log in to an account). This is a fairly dismal showing when considering 2FA is the best strategy for combating risks associated with compromised passwords. While we’re on the topic of passwords, creating strong and unique passwords is non-negotiable. Passwords are the first line of defence for data. They should not be easy to guess and should not be reused across sites. While reusing passwords is tempting – most people rely on memory to ‘manage’ their passwords, which makes reuse common – it leaves data even more vulnerable.

The best, and most straightforward, strategy for managing passwords is to use a password manager. Password managers allow users to generate new, unique passwords that are then stored in a virtual vault. When a user visits a site or opens an app that is linked to the password manager, the password manager automatically fills in the user’s login name and password.

Most password managers are intuitive and engineered to be integrated into existing workflows with little disruption. They also require very little training. In short, they offer a lot of bang for their buck, especially when considering there are a number of good, affordable business password managers available on the market. Ultimately, password managers save organizations time, money, and peace of mind in the long run.

Knowing when to take a second look

Being aware of how to deflect phishing threats is also very useful. Phishing refers to the psychological strategies scammers use to manipulate humans into clicking on compromised links or divulging sensitive information. It can be done through emails, phone calls, and texting, and falls underneath the ‘social engineering’ umbrella mentioned earlier.

There are a few simple steps for staying safe from phishing attacks. To start, small business employees should check to make sure emails they receive look legitimate and are from a proper institution. They should hover over links to confirm they’re going to the right website and avoid clicking on links they’re unsure about – at least until confirmed by further research. Alternatively, they can directly log in to the account in question to confirm veracity. They should also avoid opening attachments from people they don’t know – or unexpected attachments from people they do know without checking first. Password managers themselves also help mitigate phishing attacks.

None of these recommendations involve purchasing technologies that break the bank or setting aside a slush fund for cyber insurance. They don’t necessitate AI, machine learning, threat teams, or the hiring of a Chief Security Officer. Just a little bit of upfront effort (taking the time for system updates, implementing 2FA/MFA and a business-wide password manager, and an awareness of risks) will pay off
in dividends.

AI alignment: teaching tech human language

Daniel Langkilde • 05th February 2024

However, Embodied AI refers to robots, virtual assistants or other intelligent systems that can interact with and learn from a physical environment. In order to do this, they’re built with sensors that can gather data from their surroundings, with this they also have AI systems that help them analyse data they collect, and ultimately learn...

CARMA announces acquisition of mmi Analytics

Jason Weekes • 01st February 2024

CARMA announces acquisition of mmi Analytics, expanding expertise in Beauty, Fashion, and Lifestyle sectors The combined organisation is set to redefine the landscape of media intelligence, providing unparalleled expertise and comprehensive insights for PR professional and marketers in the exciting world of beauty, fashion and lifestyle.

Managing Private Content Exposure Risk in 2024

Tim Freestone • 31st January 2024

Managing the privacy and compliance of sensitive content communications is getting more and more difficult for businesses. Cybercriminals continue to evolve their approaches, making it harder than ever to identify, stop, and mitigate the damages of malicious attacks. But, what are the key issues for IT admins to look out for in 2024?

Revolutionizing Ground Warfare Environment with Software-Enabled Armored Vehicles

Wind River • 31st January 2024

Armoured vehicles which are purpose-built for mission-critical operations are reliant on control systems that provide deterministic behaviour to meet hard real-time requirements, deliver extreme reliability, and meet rigorous security requirements against evolving threats. Wind River® has the partners and the expertise, a proven real-time operating system (RTOS), software lifecycle management techniques, and an extensive track...

The need to prove environmental accountability

Matt Tormollen • 31st January 2024

We are currently in the midst of one of the most consequential energy transitions since records began. The increasing availability of clean electrons has motivated businesses in the UK and beyond to think green. And for good reason. Being environmentally conscious attracts customers, appeases regulators, retains staff, and can even gain handouts from government. The...

Fuelling Innovation in Aftermarket

Jim Monaghan • 31st January 2024

One section of the motor trade is benefitting from the cost-of-living crisis: with consumers keeping their cars for longer, independent repairers are in huge demand. But they are also under pressure. Older cars need more repairs. They require more replacement parts, tyres and fluids. With car owners looking for value and a fast turn-around, independents...

The return of the five-day office week

Virgin Media • 25th January 2024

Virgin Media O2 Business has today published its inaugural Annual Movers Index, revealing four in ten companies are back to the office full time, despite widespread travel delays and disruptions With 2023 cementing the cost-of-living crisis, second hand shopping and public transport use surged as Brits sought to save money Using aggregated and anonymised UK...