The United Nations General Assembly designated 27 June as Micro-, Small, and Medium-sized Enterprises Day to raise awareness of these businesses’ contribution to national economies. SMBs account for 90% of companies, 60 to 70% of employment, and 50% of GDP globally. They are the backbone of societies worldwide, contributing to local and national economies while sustaining livelihoods, especially among the working poor, women, youth, and marginalized groups.
An expanding and more complex business risk environment
More than ever, small businesses need support to overcome the ripple effects of geopolitical tensions, climate crisis, and financial recession. Besides these threats, SMBs face increasing cyber risks as they rely on digital technology and services to innovate and gain an advantage in a competitive market. According to the World Economic Forum 2023 Global Risks Report, cybercrime and cyber insecurity are among the top 10 short- and long-term global risks.
The latest Verizon 2023 Data Breach Investigations Report highlights that due to digitization, SMBs and large companies increasingly use similar services and infrastructure. Cloud-based models and as-a-Service offerings have allowed small businesses to access technology that was previously beyond their reach. That has led to a convergence of attack surfaces regardless of the organization’s size. However, small businesses ability to respond to threats due to constrained resources is very different.
Security concerns are amplified when considering the regulatory environment SMBs operate in. Just like their “big cousins,” small businesses must comply with a wide variety of security and privacy regulations, from GDPR to HIPAA and PCI DSS. According to the Thales 2023 Data Threat Report, an increasing number of businesses find it more challenging to comply with privacy and data protection regulations in the cloud. On top of these regulations, SMBs must abide by data sovereignty requirements, which pose more challenges regarding data residency.
Small changes in cybersecurity practices can make all the difference
If we want to protect and strengthen our national economies, it is essential that we harden and secure the backbone; small and medium-sized businesses. The biggest challenge in achieving this goal is the constrained environment of these companies – limited budgets, lack of experienced security professionals, and reliance on commercial off-the-shelf (COTS) hardware and software.
Although the SMB’s attack surface resembles that of large enterprises, addressing the same cyber threats requires a different, pragmatic approach. Safeguards selected for SMBS should be implementable with limited cybersecurity expertise and aimed to thwart general, non-targeted attacks. The principal concern of these enterprises is to keep the business operational, as they have little tolerance for downtime. The sensitivity of the data they are trying to protect is low and principally surrounds employee and financial information.
1. Make it harder for hackers with Multi-Factor Authentication (MFA)
MFA should be in place for all your business accounts and systems. MFA means you need to provide more than just a password to log in. This makes it much harder for hackers to break into your accounts, even if they guess your password. MFA adds an extra layer of protection and bolsters your overall security. Strong access control through MFA
2. Keep Your Encryption Keys Separate
Encryption is a way to make your important data unreadable to those without the necessary decryption key. It's important to keep that key separate from the encrypted data – otherwise it’s like having a safe with the combination written on the front. If the key gets into the wrong hands, they can unlock the data without permission. It is important to keep your encrypted data and encryption keys in separate locations allowing you to keep control of your own keys and by extension your sensitive data.
3. Bring in external security expertise
Bring in external security expertise: If you lack the skills or resources internally to effectively manage cybersecurity, consider outsourcing these tasks to a trusted provider. Many cybersecurity tools are available on the cloud as subscription-based services. Outsourcing can provide access to specialized expertise, advanced security tools, and round-the-clock monitoring, relieving your business from the burden of maintaining a dedicated cybersecurity team.
4. Educate your staff on potential threats
Humans are often one of the weakest links in your security defences. Ensure that your team is aware of potential threats, knows how to use and monitor the security software you have in place, and reports anything suspicious as soon as they become aware of it.
5. Don’t forget the basics
Maintaining good cyber hygiene is essential to protect against potential threats. Regularly backing up your data and applying software patches are two crucial practices to prioritize. Backing up your data ensures that you have a copy in case of data loss or ransomware attacks, while patching helps to address vulnerabilities and protect against known security issues.
6. Got your consumers and business partners covered?
As SMBs embark on their digital transformation journey, they need to enable new channels of interaction for their consumers. They also need to increase collaboration with their suppliers and partners, by giving them access to company data. These new forms of external users open new attack vectors and data privacy concerns. You should leverage a CIAM solution to protect your organization from these new threats, while still enabling more modern ways of connecting with your stakeholders.
Thales offers a great variety of security tools and cloud-based services to help SMBs thrive in a changing environment. Contact our experts to help you navigate the risk landscape with confidence, and learn how Thales CipherTrust Data Security Platform as-a-Service helps startups build trusted relationships with partners and gain a competitive advantage with zero impact on performance.