A golden rule for SMBs and start-ups is that cybersecurity should be a consideration from the very first day. After all, people generally lock down everything, from their smartphones to their social media accounts, so why wouldn’t you afford the same treatment to where your heart and money lie – your new business.
It’s an easy thing to get wrong. There’s a certain false confidence in assuming you’re “too small” or “too new” to attack – but evidence suggests the cybersecurity food chain works as it should, and the little ones get eaten first.
Encryption
Each company has its own cybersecurity needs. Web-based companies that handle personal information and/or credit cards inevitably have heavier protections than personal blogs.
A mega-corporation like Walmart wears its security credentials on its sleeve, dedicating part of its corporate website to listing privacy certifications. These are vast and complex, and likely well beyond the interest of all but experts in the field.
Source: Pexels.
Most websites use Secure Socket Layer (SSL) encryption as a means of masking sensitive information sent over the internet. In some cases, especially where cash changes hands, this is worth pointing out to potential customers.
JackpotCity, an online casino in the UK, remarks on its “powerful” and “state-of-the-art” SSL encryption on its homepage. The idea is to instill confidence in players so they sign up. Put another way, SSL is a piece of tech that serves a second job as a marketing tool.
Organisations can opt in to an increasingly aggressive set of standards and frameworks to secure their businesses. In the US, this comes under NIST, while the UK has its Minimum Cyber Security Standard. International standards include ISO 27001 and ISO 27032.
At-risk Businesses
Just by reading the previous, it’s easy to feel that these cybersecurity knick-knacks are way above the SMB’s pay grade – especially when it comes to the ISOs. Yet the unfortunate nature of cybercrime is that it feeds bottom up. Smaller companies are easier to bring down and hold to ransom than the denizens of Silicon Valley.
The US Chamber of Commerce’s Small Business Index for Q1 2024 revealed that 60% of SMBs were worried about cybersecurity, with 27% believing that a single incident would force the company to close.
Security firm Cloudstrike claims that the most at-risk businesses are those growing quickly and taking on lots of employees. People are often the weak link when it comes to opening the door to malware or phishing attacks. So, the more people, the bigger the “risk profile”.
Cyberattacks are often crimes of opportunity. It’s rarely a case of revenge or the work of a disgruntled ex-employee. An open door is an open door, whether it’s in real life or over the internet. A florist is just as much of a target as a pharmacist or hardware store.
Let’s go back to that golden rule – cybersecurity “hygiene” begins on the first day. It might seem like an uphill struggle trying to maintain security practices during hectic periods, but the outcome of an attack is often terminal for SMBs.