IT security in SMEs: Why your company could be a stepping stone for hackers

By Robert Half on 27 September 2016

Today’s burgeoning SME wields a double-edged sword. Due to greater interconnectivity and advances in mobile technology alongside the cloud, the growing SME faces a raft of new business opportunities.

However, these new opportunities can bring significant cyber-security risks.

As larger companies increasingly invest significant sums in comprehensive measure to address IT security trends, under-prepared SMEs are left vulnerable and exposed.

The calculating hacker - always scanning for chinks in the armour of big corporations - now looks at SMEs as a way to attack the larger vendors.

Old school threats open the door to new risks

The landscape is changing. Old challenges used to centre around a greater need for education about the risks of patchy IT security. Consequently, there was a lack of resources apportioned - budget, time and in-house expertise, with no dedicated IT security specialists on the payroll. The challenges of automation, which allow cyber-criminals to engineer attacks on a mass scale for little investment, were a key focus.

Interconnectivity igniting new challenges for SMEs

Now, larger companies are investing in IT security, causing cyber-criminals to turn towards the more vulnerable SMEs. And the rise of mobile technology, cloud technology and other interactive technologies means that SMEs are more interconnected than ever before. In a world where data can be the most valuable asset to a business, data-rich SMEs are an increasingly attractive target for cyber-attacks.

This interconnectivity extends beyond devices to the connectivity between companies. Where in the past, the little fish mostly played with the little fish; today many SMEs are providing services to larger companies as their vendors or contractors. This provides the perfect opportunity for cyber-attackers to gain access to the big fish through the SMEs via shared data. Thus the SMEs have become a stepping stone on the path to a much bigger pot of gold.

Building your defences: How to address IT security in your business

Tackling IT security can seem daunting - like playing a football match in the dark with ever-changing goal posts. Here are six ways to ensure the best possible defence against cyber-criminals.

1. Be proactive

It’s no longer an option for SMEs to wait for an issue to respond to. According to the latest Ponemon Institute Cost of Data Breach Study (2015), the average cost of a data breach to an Australian business is $2.82 million. And there have been plenty of high profile cases of the cost being much higher - be it directly with attackers appropriating bank information, or indirectly with cyber-criminals seizing and selling data. The infamous 2015 Sony hack is estimated to be costing Sony USD35 million. UK telecommunications company TalkTalk lost an estimated GBP60 million and 100,000 customers as a result of multiple data breaches in 2015. Put simply: companies need to proactively address IT security and get a strategy in place, now.

2. Recruit the right talent to tackle IT security challenges

Ensure your staff have the expertise to identify security issues and proactively manage them. Up-skill existing IT professionals through development and training; and if required, bring the necessary talent in to the business. However, be mindful that with an increased demand for IT security specialists, there is a global IT security skills gap. Companies need to remain competitive in order to recruit and retain top talent.

3. Use Big Data to your advantage

Once the right team is in place, use Big Data to identify further threats. More data means more potential to protect the company against (new) security attacks.

4. Put your guard up – and keep it up (it’s a continuous exercise)

Anti-virus software is not enough. Work with your IT specialists to identify the necessary tools, processes, hardware, software and authentication. Know that there is a mass of IT security and cloud security tools available, so prioritise according to threat and budget.

It doesn’t stop there. Consistently and continuously test to re-evaluate systems and processes to ensure the risks are minimised. An IT security strategy isn’t just a short-term ‘tick-box’ process – it needs to evolve constantly to stay a step ahead of clever hackers.

5. Involve everyone in the business

Cyber-security is an issue that affects the whole business. Engage senior leaders to develop IT security strategies and secure the necessary budget. Then, make everyone in the company aware of the risks associated with standard communication tools, like email and social media, and make it clear how they should deal with confidential information to avoid human error.

6. Invest in training

Go beyond the obligatory email to staff informing them of the risks: provide staff training about safe email, website and social media practises.  Encourage all team leaders to ensure their employees are trained regularly, and provide training in cyber-security for key personnel.

When it comes to IT security, SMEs need to be on the front foot to secure the long-term viability of their business.

Want to understand the full impact of cyber-security – or the lack thereof - on your business? Get a copy of the Robert Half Cyber-Security Report.

This blog was originally featured as IT security in SMEs: Why your company could be a stepping stone for hackers on the Robert Half Australia Blog.

More From the Blog...