The importance of IT security for SMEs in 2020
As we prepare to head into 2020, you don’t have to look far around you to see that the decade we’re waving goodbye to has seen staggering technological change. In fact, it’s been a strong contender for the most astonishingly rapid and unprecedented period of advancement in human history.
The way we do business has completely transformed since 2010 – the proliferation of smartphones and tablets means that the ‘office’ is less of a brick-and-mortar work space and more of a constantly shifting virtual environment. Ten years ago the internet wasn’t intertwined with our professional and personal lives in anything like the way it is now – and today you’d struggle to find a business that doesn’t rely almost entirely on its IT infrastructure.
The 2010s have delivered game-changing IT technologies that empower your business, but they’ve also seen the rise of new and unfamiliar threats that can topple it in seconds. What’s certain to happen in the next decade is that both will become far more advanced – making it more important than ever that SMEs (small and medium-sized enterprises) have robust cybersecurity measures in place.
With more than half of UK companies reporting a cyber-attack of some form in 2019, here are some of the biggest reasons why IT security is crucial for your SME – as well as the threats that are expected to grow in 2020.
It’s easy to associate the phrase “cyber-attack” with sinister and sophisticated plots to bring down a business by disabling its entire IT system. However, one of the most common threats to SMEs is the straightforward theft of confidential data. With the double-header of stricter rules under the GDPR and ever-increasing data portability, a simple data leak is both more likely and more consequential than it’s ever been.
There are two ways that data becomes more vulnerable when it’s taken outside the regular confines of your business:
- Data in motion is data that’s on the move – such as during a card transaction or in an email. Processes like these can be intercepted by hackers at numerous points.
- Data at rest is stored on laptops and devices. It is under threat as it is carried around, often due to something as simple as an unlocked screen or leaving it on a bus.
Even data that is stored under conventionally secure means is now more at risk – employees use company devices on insecure public Wi-Fi, access company networks from their personal smartphones or are among the millions of people who use weak and easy-to-guess passwords. These are the number one cause of security breaches for small businesses, and this is unfortunately expected to continue well into 2020 and beyond. Where a hacker can crack a simple password in mere seconds, a strong password with a mixture of cases, special characters and numbers could in theory take years to unravel.
A cyber-attack resulting in data loss can be particularly devastating to SMEs, not only because of the potentially huge financial implications, which are often impossible to overcome, but also because of the irreversible reputational damage that can be inflicted.
How can I protect my SME’s data in 2020?
Your organisation can take several steps to increase the security of the data it holds – wherever that data may be in its journey.
- Encryption is the disguising of data behind an algorithm which can only be unlocked with a key – think of it as the digital equivalent of a safe. Encrypting your data, especially when in motion or at rest, places a barrier between hackers and data which – if secure enough – should deter them altogether.
- Multi-factor authentication and similar protection measures can make sure that data is kept locked even on an unsecured laptop. By requiring additional information – such as a passcode sent to a separate device – and immediately re-locking in response to inactivity, they decrease the likelihood of unwelcome access to data.
- Increased awareness among your staff is the first line of defence against data loss. We are all so accustomed to and engrossed in our devices that it’s easy not to think about security – encouraging strong passwords and discouraging the use of personal devices are important security measures.
Junk mail has been a pest since long before email was part of our lives – but it’s crucial to remember that when it comes to your inbox, spam and junk are not always interchangeable. While you might spot a junk email a mile off, an effective spam email will wear the friendly face of something familiar or beneficial to your organisation – while in fact posing one of the greatest threats to its existence.
There are a number of types of spam email that you may find in your inbox:
- Phishing emails are the most common. These use fake credentials including famous brands to lure a user to a website which appears to be legitimate, where they are tricked into entering card details and other compromising data. Phishing attacks are on the rise and will continue to be a major threat in 2020.
- Whaling emails pose as a trusted executive or senior person within an organisation and request payments to an unknown account, ostensibly on their behalf.
- Spoofing emails carry out a similar function to whaling emails, but by pretending to be a known organisation or other external person.
- Bombing emails fill up an inbox or server, causing it to go offline and disrupt your business.
How can I protect my SME against spam emails in 2020?
Aside from a strong spam filter, which should prevent the vast majority of dangerous emails from reaching your organisation, the most effective way to protect against any that slip through the net is with staff training. It’s no good to your organisation to have a few IT experts who know how to handle such problems – everyone from top to bottom should be equally aware of how to protect their email accounts, with measures including:
- Keeping vigilant and erring on the side of caution with any email that doesn’t look right, whether it’s strangely impersonal or contains odd grammatical mistakes.
- Never clicking links or opening attachments without being certain that they are safe.
- Looking closely at the sender’s email address rather than their display name.
- Only trusting websites that have a https:// or padlock symbol in the address bar.
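The advice to look at the sender's address rather than the display name can also be applied automatically to mail that gets past the spam filter. The following is an added example, not part of the original article; the trusted domain, the executive names and the three sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains your organisation really sends mail from.
TRUSTED_DOMAINS = {"example-sme.co.uk"}
# Assumption: senior staff whose names a whaling email would borrow.
EXECUTIVE_NAMES = {"jane smith", "raj patel"}

def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()

def sender_warnings(raw_message: str) -> list[str]:
    """Return the reasons a message's sender deserves a closer look."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    if "@" not in address:
        return ["From header has no usable address"]
    domain = domain_of(address)
    warnings = []
    # Whaling: a familiar senior name attached to an outside address.
    if display.strip().lower() in EXECUTIVE_NAMES and domain not in TRUSTED_DOMAINS:
        warnings.append(f"executive name '{display}' on external domain {domain}")
    # Spoofing: the display name shows one address, the real one differs.
    shown = parseaddr(display)[1] if "@" in display else ""
    if shown and domain_of(shown) != domain:
        warnings.append(f"display name shows {shown} but mail is from {address}")
    # Replies silently redirected to a different domain.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != domain:
        warnings.append(f"Reply-To domain {domain_of(reply_to)} differs from {domain}")
    return warnings

# Constructed sample messages (note the digit 1 in the lookalike domain).
WHALING = ('From: "Jane Smith" <jane.smith@examp1e-sme.co.uk>\n'
           "Reply-To: payments@mail-collect.example\n"
           "Subject: Urgent payment\n\nPlease pay this invoice today.\n")
MASKED = ('From: "accounts@example-sme.co.uk" <billing@payments-portal.example>\n'
          "Subject: Invoice\n\nSee attached.\n")
GENUINE = ('From: "Jane Smith" <jane.smith@example-sme.co.uk>\n'
           "Subject: Team meeting\n\nSee you at 10.\n")

if __name__ == "__main__":
    for name, raw in (("whaling", WHALING), ("masked", MASKED), ("genuine", GENUINE)):
        print(name, sender_warnings(raw))
```

A message with no warnings is not proven safe; the check only surfaces the mismatches that a display name hides from the reader.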
Even if you’ve taken a less-than-thorough approach to IT security in the past, you could set up robust, watertight protection across your entire business and still be facing a major threat. The fact is that in today’s ever more interconnected world your SME doesn’t just do business with its clients – a raft of external companies may be part of your supply chain, and how can you make sure they’re being as careful as you are?
Third-party exploitation attacks, or supply chain attacks, seek to take advantage of the increasingly long and complex chains linking businesses together and look for any weaknesses – for example in the protection of data in motion. They have seen a significant rise in recent years and hackers are always changing and adapting their methods in order to find new ways to infiltrate the chain.
How can I protect my SME against third-party exploitation in 2020?
In 2020 and beyond, it’s important to become as discerning as possible when it comes to the companies that you share data with. Not only does the GDPR hold them responsible for your data, but you should also treat an entire supply chain as part of your company. Know the risks and vulnerabilities of each organisation involved, and – crucially – include them in any contingency plan that you form for a cyber-attack, and in your response to one.
Insufficient disaster recovery plans
It’s a common mistake to focus so much on prevention that you assume your organisation is sufficiently protected – and forget that the statistics speak for themselves. SMEs suffer up to 10,000 cyber-attacks daily, so the chances of your security measures being urgently needed one day remain incredibly high.
Think about whether your SME could continue trading if all your existing protections failed in the event of a major cyber-attack. If the answer is no, then a disaster recovery plan is the missing (and perhaps most important) piece of your IT security puzzle.
It’s often easier to think about cyber-attacks causing your company significant damage rather than complete and total paralysis – but the reality is that with malware, and especially ransomware, routinely used by attackers to hold SMEs hostage, the damage can often be too much to come back from. Were an attack such as the WannaCry ransomware that crippled the NHS for several days in 2017 to target an SME, the consequences could be devastating.
Having your company’s crucial data securely backed up and ready to be re-implemented is an invaluable lifeline in the event of a cyber-attack.
How can my SME implement a disaster recovery plan in 2020?
One of the ways that Cheeky Munkey can assist with your IT security is with a bespoke disaster recovery plan and service. This includes:
- Offsite data backup for use in an emergency
- Detailed step-by-step response plans for different types of cyber-attack including ransomware
- Assessing the precautions your SME already has in place to minimise the impact of an attack
- Guidelines for all employees to follow in order to best prevent different types of attack
- A regularly updated list of the names and positions of people responsible in the event of a disaster
It may be worth conducting an IT security audit to see exactly how you can prevent and mitigate cyber-attacks. Contact us today and we will be very happy to discuss what we can do for you in 2020 and beyond.