Cybersecurity health check for SMEs
It feels like you can’t go a day without hearing about another business or organisation that has been successfully targeted by cyber attackers.
Ticketmaster recently became the victim of one of the biggest alleged breaches in history, following an attack that is thought to have compromised the personal details of a staggering 500 million customers worldwide. The group behind the attack is also credited with having been responsible for a separate breach at banking giant Santander, involving the details of some 30 million customers.
But it’s not just big businesses who are under pressure.
From the NHS and Ministry of Defence to local councils, universities, schools and local businesses, cyber criminals are not picky. Every type and size of organisation is a potential target and payday for them.
Indeed, half of UK businesses and around a third of charities have experienced some form of cyber security breach or attack in the last 12 months. That’s according to the latest government statistics, which reveal phishing remains the most common strategy used by criminals.
Small and medium-sized enterprises (SMEs) who have yet to experience a cyberattack can often underestimate the potential financial impact such an attack might have, not to mention the service disruption and reputational damage it might cause.
While so-called ‘cyber hygiene’ – the use of practices designed to help keep data safe and secure and to guard against cyber threats – may be improving amongst SMEs, there is still a lot more that businesses could do to lower their risk.
Common cyber threats facing SMEs
Before we check how strong your existing defences may be, let’s take a quick look at some of the most common types of cyberattacks facing businesses today.
Ransomware: Ransomware attacks involve hackers encrypting a business’s data and demanding a ransom for its release. SMEs are often targeted because they may not have adequate backup systems in place, making them more likely to pay the ransom to regain access to their data.
Phishing: Phishing scams involve cybercriminals sending fraudulent emails or messages to trick employees into revealing sensitive information, such as login credentials or financial details. SMEs are particularly vulnerable to phishing attacks due to a lack of cybersecurity awareness and training among employees.
Malware: Malware is malicious software designed to infiltrate and damage computer systems. SMEs may be targeted by malware that can steal sensitive information, disrupt operations, or cause significant damage to their IT infrastructure.
DDoS Attacks: Distributed Denial of Service (DDoS) attacks overwhelm a business’s IT infrastructure with traffic, causing their systems to crash. This can lead to significant disruption to business operations and financial loss.
Supply Chain Attacks: Cybercriminals may target SMEs by exploiting vulnerabilities in their supply chain partners’ systems. This can lead to data breaches or other security incidents that can affect the entire supply chain.
10-point cybersecurity health quiz
How well informed and protected is your business to cope with the increasing cybersecurity threat? Here are 10 key areas to think about:
– Have you conducted a comprehensive risk assessment to identify potential threats and vulnerabilities?
– Do you regularly review and update this assessment?
– Are user accounts properly managed? (e.g., strong passwords, multi-factor authentication, facial or fingerprint recognition for devices)
– Do you restrict access to sensitive data based on roles and responsibilities?
– How do you handle customer data? Is it encrypted during storage and transmission?
– Do you have a data backup and recovery plan?
– Do you know all the locations where your data is stored and what type of data it is?
– Do you store all your backups off-site and only permit authorised people access to them?
– Are your operating systems, applications, and antivirus software up to date?
– Do you promptly apply security patches?
– Have you provided cybersecurity awareness training to your staff?
– Do employees know how to recognise phishing emails and how to report them?
– Have you developed an incident response plan?
– Do employees know whom to contact in case of a security breach?
– Is your Wi-Fi network secured with WPA3 encryption?
– Have you segmented your network to isolate critical systems?
– Do you stop employees from using USB sticks and charging personal mobiles on your devices?
– Are screens set to lock automatically after a short period of inactivity?
– Do you prevent staff from using public Wi-Fi connections?
– Have you set up all 3 email security records (SPF, DKIM, DMARC) for your email domain to ensure scammers can’t impersonate your email addresses?
– When you get an email request to change payment details for an invoice or salary, do you have a clear and easy process to check it’s a legitimate request?
– Do you assess every company in your supply chain to ensure they have good security practices in place?
How to enhance your cybersecurity
Given the significant risks posed by cyber threats, it is crucial for SMEs to implement robust cybersecurity measures. Here are some steps that you can take to better protect yourself:
The cybersecurity threat to small and medium-sized businesses is real and growing. We advise all businesses to take proactive steps to protect themselves and safeguard their assets, data, and reputation.
By investing in cybersecurity solutions, educating employees, conducting regular security assessments, and partnering with experts, you can build a strong defence that supports you in running your business with confidence.
Need expert IT support?
Here at Dragon IS, we work with small and medium sized businesses, helping them with a broad range of issues relating to their IT infrastructure and cybersecurity. Call us for an informal chat on 01908 613 080 or email info@dragon-is.co.uk