Are small to medium-sized enterprises (SMEs) doing enough to protect their cyber environment and business from cyberattacks? In this article, we will look at the interconnection between SMEs and other parties, the potential costs associated with cyber threats such as a data breach, and we will analyze the steps each party should take to improve the business environment and create a resilient cyber environment for the company in today’s technologically driven society.
In most countries, SMEs are a major driver to the economy, contributing on average, to 45% of a country’s GDP. bringing growth, productivity and innovation while accounting for more than 50% of jobs around the globe. During the normal course of a business, SMEs will generate sensitive data associated with the customer, organization, suppliers and employees. As such, SMEs need to safe-guard this data, making sure sensitive information is not breached and that cyber-attacks do not cripple the company’s ability to function, potentially leading to job losses, regulatory fines, loss of revenue, and customer disruption.
Cyber-attacks can come in different shapes and forms with a variety of different costs associated with them. CSIS and McAffe estimated that the cost of cybercrime has reached US$600 billion in 2018. Accenture has estimated that there is over US$5.2 trillion of value at risk caused by both direct and indirect cyber-attacks. According to a Verizon study, 43% of cyber attack victims were small businesses. Some attacks may look into gathering intellectual property your firm has, others will try to gain insight on how your business works and information on the clients you provide services to. There are also cyber criminals interested in your employee’s data and in using your company (e.g. e-mail) to attack other entities.
It is important to note, whether the small to medium company is a construction firm, a telecommunications provider or a small coffee shop, they may all be targets of cyberattacks. Great amounts of information are created by businesses daily and this data is becoming more valuable to criminals, which is why SMEs must take preventive actions to create a safer environment for their business, employees, suppliers and clients.
Customers should continue to monitor their accounts and name to ensure that hackers are not utilizing their data for personal profit, while also continuously changing their passwords to make it more difficult for criminals to maintain access to their accounts. Customers should demand that vendors take the necessary precautions to protect their data from being leaked (e.g. credit card information, customer’s habits, etc.) while also not sharing their information if it is not necessary to do so. Sometimes, depending on the sensitivity of the information you give certain businesses, it might be worth asking the appropriate representative about what they are doing with such information and why they must have access to it.
A cyber-attack at an SME is less likely to be found since such organizations usually have limited resources to spend on cyber security. Further, threats of this nature are more likely to be ignored or put under wraps to ensure that it does not lead to a loss of business and or harms the company’s cash flow. However, there are many ways in which a company can be cyber safe without hurting their pockets. It often boils down to creating good habits, cyber hygiene and increasing employee awareness.
The business environment needs to be set in a way where SMEs are not hiding the security breaches from their clients, which will ensure that their clients are better positioned to respond to the breach if needed. Contracts need to be written with an emphasis on safeguarding organizational systems and data by emphasizing cybersecurity measures that aim to protect both the vendor and clients. Both sides need to properly assess the situation when a breach occurs before a contract is terminated (e.g. whether or not procedures were followed). Although we are mainly talking about the vendor, it is essential that the client – whether an individual or other enterprise – takes proactive steps to ensure that it does not serve as a gateway to hackers into other networks and organizations. It is key to remember that in a connected world, everyone is responsible for cyber security.