It is no surprise that the past 2 years of remote and hybrid working have significantly accelerated digital transformation for most small and medium businesses. Although the implementation of new technologies has changed the way that these businesses function, it may have also created many potential security risks. As businesses move into 2022, it is important that all small and medium businesses invest in protecting their IT systems from cybercriminals. As the cybersecurity landscape is constantly changing, it is common for SMBs to have questions about cybersecurity and what they can do to protect their businesses. In this article, we will answer some of the frequently asked SMB cybersecurity questions.

What is cybersecurity?

Cybersecurity is a branch of information security that covers the practices an organisation undertakes to reduce the risk of a cyberattack. These practices focus on technology to stop cybercriminals from accessing sensitive information, extorting money from users, or interrupting normal business procedures.

What are the most common forms of cyberattack?

The three most common forms of cyberattack are phishing, malware and distributed denial of service (DDoS) attacks.

Phishing is where a cybercriminal contacts a target by email, telephone or SMS, posing as a legitimate individual or business, to deceive the victim into clicking a malicious link or providing sensitive information, such as passwords or payment card information.

Malware is any software that is intentionally designed to cause damage to a computer, server, or network. This includes viruses, ransomware and trojan horses. Malware is most commonly sent through malicious emails, websites, and advertising.

Distributed Denial of Service, or DDoS, is a malicious attack where a cybercriminal overwhelms a target server, service or network with internet traffic to disrupt normal traffic. The goal of these attacks may be to stop legitimate traffic from visiting a site, or to overwhelm network equipment, such as firewalls, in order to launch another cyberattack.

Which types of businesses are most likely to be targeted by cybercriminals?

All businesses are at risk of falling victim to a cyberattack. In the past, it was far more common for larger businesses to be the target of these attacks. However, it has become increasingly common for cybercriminals to target smaller businesses with ransomware, because they are typically easier targets with weaker security.

What is the average cost of a cyberattack?

In 2021, the median cost of a cyberattack was £8,460, with the most expensive cyberattack costing £15.8 million. It is important to note that the monetary cost is often not as damaging as the loss of reputation and downtime associated with many cyberattacks.

How does the advent of hybrid work affect cybersecurity?

The move to hybrid work has many benefits for employees and businesses as a whole. However, it can weaken a business’s security posture. The key cybersecurity risk associated with both hybrid work and remote work is the lack of visibility of endpoints and networks. With employees working from multiple locations, the network boundary expands drastically, and an unsecured home network could lead to a cyberattack within a business.

What are the top SMB cybersecurity mistakes?

The most common mistake that SMBs make when considering cybersecurity is thinking that it won’t happen to them. Regardless of its size or the industry it operates in, a business can be the target of a sophisticated cyberattack. Many of these attacks can be prevented using relatively simple measures, and a comprehensive cybersecurity solution will stop most attacks in their tracks.

What should an SMB’s top cybersecurity priorities be?

The top priority for all SMBs should be to ensure they have enabled multi-factor authentication on their Microsoft 365 account. This simple action will prevent 99.9% of all account compromise attacks. After this is enabled, businesses should secure their email system, as it is the most common attack vector. Once their email system is secured, it is important to implement a backup and disaster recovery solution, so if a business does fall victim to a cyberattack, the downtime will be limited. A comprehensive cybersecurity solution should address all these priorities and more.

What should an SMB look for in a cybersecurity solution?

When SMBs are searching for the right cybersecurity solution, it is important to ensure that the solution provider covers all areas of the cybersecurity landscape. This includes endpoint protection, email protection, network protection, backup, and disaster recovery. Having a comprehensive cybersecurity solution will significantly decrease the chance of an attack.

How much will a cybersecurity solution cost?

It is difficult to know how much a cybersecurity solution will cost without understanding the needs of a particular SMB. On average, businesses spend 10% of their IT budget on cybersecurity. However, it is important for businesses to consider the potential losses associated with a cyberattack, and factor this number into the equation when deciding how much to spend on a cybersecurity solution.

What’s Next?

All businesses need to invest in cybersecurity in 2022 to reduce the chance of falling victim to an attack. If you are ready to take the next step in securing your IT and are looking at Cyber Essentials, contact us today.