The answer is yes.
In fact, according to the Symantec 2016 Internet Security Threat Report, the last 5 years have shown a steady increase in attacks targeting businesses with less than 250 employees.
A whopping 43% of the global attacks logged during 2015 were against small businesses compared to 35% of attacks on large businesses in the same period.
Why are small businesses considered a soft target?
Both small and medium size businesses in South Africa severely underestimate the risk of a cyber-attack.
They mistakenly believe that they don’t carry the sort of data or funds that a cybercriminal would want. This often leads to small and medium size businesses not fully protecting their infrastructures or devices against cyber-attacks, while their financial processes may not be as thorough as that of large organisations.
Data: SMEs often provide part or all of sensitive products or services to larger business partners and are seen by cybercriminals as a back door into those larger organisations they supply.
Money: Regardless of the size of your company, if there is a profit to be made from your business, cyber criminals will attack. Don’t be fooled into thinking that large profits are all that cyber criminals will target, because any gain is good enough for them.
So what are the risks to your business?
Unknown Data Breaches: A breach which goes undetected, will be followed by unknown data theft. This can lead to serious legal repercussions which your company will be ill prepared to manage.
Brand Damage. The stigma as a result of a security compromise can be impossible to repair, while managing such an event can bring normal business productivity to a halt.
Loss of Money. When security protocols are not in place, it is easier for cybercriminals to gain access to, and extract funds out of the company bank account through identify theft, spear-phishing or impersonation.
Ransomware. This targets not only employees but any devices connected to a company’s hacked network. When cybercriminals encrypt data or attack a device, they will request some sort of payment for data to be decrypted or access to a device to be re-enabled. This costs you not only money, but lost time as well.
Website Hacks. When website updates and patches are not applied regularly, this significantly increases the likelihood of a hack. This is not only damaging to your brand, but when personal data is collected via the website, this exposes your clients and prospects to threats.
What should I do?
Today, affordable enterprise level security solutions are available to all size businesses. How these solutions are implemented and managed however is key to their success. When implementing cyber security solutions, always think ‘People . Process . Technology’.
Security education at all levels: Establish a ‘security aware’ culture within your company. Develop policies and guidelines for protecting company data on both corporate and personal devices. Implement a training program on phishing schemes which will increase the likelihood of employees identifying suspicious emails.
Take a solid approach to security: A ‘big picture’ approach to security is absolutely critical. Be sure that you know where your data is stored, how it is accessed and by who. Understand the various layers of security within your company. Partner with a MSP (Managed Services Provider) that understands your business and security requirements and has the capacity and skill to manage an attack immediately.
Be prepared for a security breach: No set of security measures is completely infallible to a breach. Make sure you know how to deal with a security incident quickly and efficiently by developing a Security Incident Response Plan and performing scenario testing at various intervals throughout the year.
Don’t ignore the cyber security threat: Use carefully selected threat and adversary intelligence solutions so that you know when you have been compromised. This will help you quickly respond to a threat and avoid the cost and downtime associated with a breach.
Get the support of a trusted MSP
No matter whether you’re a business owner or IT Manager, keeping abreast of the current state of cybercrime can be exceptionally time consuming. Even when you have good cyber security measures in place, this presents the danger of important considerations and activities slipping through the cracks.
By working together with a good Managed Services Provider, you will have the access you need to their skills, knowledge and of course, manpower.
MMC performed the very first Symantec ATP installation in South Africa – something for which our team was recognised by Symantec for the innovative manner in which the product was integrated and installed.
Our clients are all familiar with the passion and dedication, as well as the incredibly vast knowledge of our team. We design affordable, highly efficient solutions that are tailored to the specific needs of our clients. Let us get together with you to talk about cyber security in your business.