Computer Antivirus provider Vipre recently conducted a study to see how small-to-medium businesses (SMB) would be impacted by a data breach.
The findings were startling – they indicated that, in the event of a data breach, up to two-thirds of these companies could either go out of business completely or have to shut down for at least one day.
Practically, this is very concerning.
A worrying statistic
This worrying statistic is perhaps made worse when considering that up to 23% of these SMBs were reportedly experiencing cyberattacks every day. With the average enterprise data breach costing some £1.3 million according to some sources, it’s easy to see why the cost of a breach could wipe out a smaller firm.
SMBs typically have less resources when compared to larger businesses so they may be unable to afford the time, money or manpower to establish a stronger security set-up. They also often lack knowledge and understanding of cybersecurity and infrastructure. To tackle cyber-risks, SMBs need to know why cybersecurity is so important as well as knowing the risks they’re putting themselves and their customers in, and how to make the best of security measures.
SMBs are reportedly more concerned about the risks
Businesses who lack resources might be ignorant of the risks and not respect and value the importance of cybersecurity until it’s too late. On a brighter note, 75% of SMBs have said they’re more concerned about cybersecurity than in previous years; no doubt because of the recent exposure to high profile data breaches in the media, like the huge HBO hacking and the international WannaCry ransomware attack.
A lot of SMBs also work with other companies and partners for outsourcing specialist services. This can invariably weaken security systems on the whole, and the weakest link in a third party could be the downfall for many enterprises if their security isn’t up-to-scratch.
Senior Vice-President and General Manager for SMB businesses at security firm Avast, Kevin Chapman, warned that “enterprises are only as secure as their partners.”
He added that, as the weakest link, SMBs can reluctantly allow “hackers entry into the network of their larger and more lucrative partners.”
What can be done?
Chapman provides five steps for larger companies to take before partnering up with an SMB:
- Defined access privileges and restriction to network resources. Only give an SMB access to information if necessary. If a breach should occur, the impact could be greatly reduced
- Thorough password policies that require a strong password to be created and changed frequently
- Next-gen antivirus and automated patch management software to identify and stop threats from websites, files and emails
- Security training to educate employees on best practices for passwords, safe web browsing and identifying suspicious emails. (Teaching employees about the legal consequences should help as extra motivation!)
- A comprehensive policy for any cyber security for company and personal devices to be just as strong, if not stronger
CTO at Tech group Datto, Robert Gibbons, also encourages companies to:
“…search for a provider that offers a multi-layered security solution for data protection, including perimeter and endpoint protection, and a comprehensive backup and recovery solution.”
With the colossal damage a data breach can cause, SMBs need to do all they can to implement strong cybersecurity protocols if they want to successfully fend off cyberattacks. Innocent consumers should not have to pay the price of a data breach if a company remains ignorant or neglects its duties under data protection rules. After May 2018, company directors can no longer shrug off these responsibilities by leaving the company as the new General Data Protection Regulations can hold them individually accountable and issue huge fines to them personally.