Given the continued lockdown and the economic impact on many businesses, it’s easy to understand why small and medium enterprises (SMEs) are cutting back on non-essential spending – especially when they’re faced with the need to suddenly invest in new hardware and software to facilitate remote working.
However, as we’ve all recently learnt, preparedness is everything. When it comes to protecting SMEs’ business IT, while a lot of solutions come with some basic security, it pays off to be a lot more suspicious about the extent of the measures that are actually in place.
The Extent Of The Risk
SMEs are the backbone of many nations’ economies. However, as we’ve discussed previously, they’re also much more likely to be targeted by hackers.
In Belgium alone, 95% of companies are SMEs – meaning the vast majority of businesses are vulnerable to cyber attacks. While this is worrying enough, given the level of preparedness many (don’t) currently have, there’s potential for a lot of things to go wrong.
Looking at local stats here in the province of Limburg in Belgium, it seems there’s an even split between companies that handle their own IT and those that outsource. And of those that take care of IT in-house, only 30% have the correct backup, firewall, and antivirus software. Less than a quarter (23%) have a contingency plan and only 6% have cybersecurity insurance.
Admittedly, while this is an example from one region, it’s certainly not atypical of SMEs’ attitudes in other parts of the world.
The Cloud Isn’t Always Enough
We know that to facilitate remote working many SMEs have prioritised cloud migration. This in itself is a very positive first step towards better IT security. However, it’s important for companies to keep in mind that the ‘cloud’ itself is simply another (remote) data server – one that’s also hackable itself.
Therefore small businesses need to be certain that the provider they choose has a data recovery programme – so that they can access all files and information if the worst happens. Having a hard copy backup (on a laptop) is essential too – as long as the right encryption software is used.
It’s also a good idea to ensure that any third party app developers – or any other businesses in the supply chain – have IT security as a priority. If not, it could well be time to reconsider the services used.
Fail To Prepare = Prepare To Fail
Wherever there’s data – be it customer data, employee information, personal details, passwords – the right protective measures need to be put in place.
From 2-Factor Authentication to antivirus software; data encryption to email spam filters – software security solutions are numerous. But they need to be treated as standalone cures rather than holistic remedies.
The fact is, the wider implications of not having the right protective measures in place are even more costly than implementing them – often ten times more expensive. Imagine having to fork out thousands of Euros as ransom money to get back access to company data…
Then there’s the need to monitor the use of stolen customer data – and that’s even before you consider the costs of involving lawyers, crisis communications specialists, and forensic investigators – not to mention the financial losses resulting from loss of brand confidence. And be aware, insurance companies are not likely to pay if your IT environment is not properly secured and up-to-date.
To address the current downturn, many SMEs are doing all they can to stay operational. While there are lots of peripheral matters out of their control right now, there’s a particular urgency for all businesses to maintain best practice – to ensure other companies stay afloat too.
This doesn’t just mean paying suppliers on time – it also means keeping customer and company data safe. That’s something that’ll continue to have resonance long after the COVID lockdown.
Ultimately, we’re all in this together. All anyone can do right now is to hope for the best, but prepare for the worst. That way, nothing can catch businesses off-guard.
Did you know there’s funding available to help Belgian companies get in-depth cybersecurity advice or training? To learn more about this and other data protection initiatives, email us on firstname.lastname@example.org or call +3289763676.