Why SMEs should be concerned about cybersecurity!

Why is it that small and medium businesses and not-for-profit organisations do not consider themselves a cyber criminal target? In most instances the owners and management have talked themselves into this sort of attitude. The stats are starting to show that the SME space is an increasingly lucrative target for cyber criminals.

The “we are too small to be a target” syndrome is very noticeable in the SME business environment. This has happened because of three points: ICT security is seen as too hard, too costly and too time consuming to implement.

Most small and medium businesses are targets for three reasons:

  • they have a better level of innovation within the business,
  • they are a back door into larger enterprise environments through intranets and approved contact and
  • they have a higher level of accessible intellectual property.

How do we counteract this development and get SME businesses to put more focus on the protection of their data, their staff and their client information? We have to start making it easier to understand. Cybersecurity is NOT rocket science. Most of the time common sense will trump most of the focused attacks targeted at SME organisations.

Once they understand the cybersecurity requirements, there is still the underlying problem that most SMEs face, and that is the cost of implementing the required security technology. Once again this still comes down to common sense.

The best way for an SME to protect itself is to “BE PREPARED”.

This can be achieved in four ways.

Use security products that are focused on the small and medium business market. There are a large number of security and software companies that focus solely on this market, offering everything from routers and wireless access points to antivirus and centrally managed endpoint protection. You need to go to the next level: home security products are designed for easy access and a moderate level of security, while a business product has a higher level of focus on business-related information.

Train your staff and yourself to be security aware. Be alert to minor changes. Look at using policies and procedures to ensure that the business is secure. Make changes as required. Train your staff to be nosy in the office, to a certain level. If your staff are aware of small changes they will react better and in a more logical way to things that may not seem out of place to a less vigilant group. Sometimes there are false alarms, but when you are the curator of other people's information, paranoid is a better way to be.

Be proactive! If you can think of ways that your business information can be stolen then I can guarantee that the cyber criminals have thought about it as well. Once again common sense is good, but with paranoid tendencies your business security envelope will be better developed.

Audit your “electronic” business regularly. Your business relies on your business reputation. If you have either an internal or external breach then your reputation will be compromised and, along with that, the lack of trust will severely damage your business. To make sure that this cannot happen to your business you need to initiate a level of auditing that will complement your business processes. If information is accessed then you need to have some way of tracking that access.

Not thinking about security can be bad for small and medium businesses and not-for-profit organisations. Business security is a combination of systems and not just a one-off process or purchase. A combination of technology, management, sustainability and compliance will ensure that your business is better protected.

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not-for-profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisations using the principles of Technology, Management, Adaptability and Compliance.