Simple Changes To Address SMB’s Cybersecurity Challenges
Cybersecurity is a term that generally refers to measures to prevent unauthorized use of computers and networks. Originally the term “cyber” was first coined in the 1940s, the dawn of big computers known that time as mainframes, the term caught widespread use since the 1980s. Today, it is used for various concepts related to computers, electronic gadgets, and the Internet, we often hear in the field of IT security terms such as “cyber attack” and “cyber terrorism.”
Now that computers, smart devices, and the Internet have become indispensable to corporate activities and individual lives, cybersecurity measures using security software/hardware are considered to be a nationally important task to protect the safety and security of society. One of the most important areas of cybersecurity is computer virus protection, not only for traditional PCs but also for mobile devices as well. We are in the age where SMBs (Small and Medium-size businesses) are basically the backbone of a healthy economy for a nation, with their huge numbers compared to Fortune 500 and multinational companies. SMBs employ the most number of employees combined compared to huge enterprises, but these same companies are the most vulnerable when it comes to cyber attacks.
If left unchecked, it could cause SMBs left, right and center to have their information leak and disrupt their business day-to-day operations. Long term effects of the damage to their brand after a cybersecurity incident can surely cripple even companies with deep wallets. The true cost of a cyber attack can only be determined years after it happened. This is because, after the initial incident, the company needs to hire expert IT consultants, coordinate with authorities and spend money to recover damaged, lost or stolen data. The long recuperation period for the damaged brand is the reality, customers will stop buying the company’s product or services, which if not address do bring financial trouble for a company, with the risk of causing it out of business, similar to what happened to Symantec and DigiNotar’s Digital Certificate business.
In addition to direct attacks on the company, there are cases where a virus-infected PC, smartphone or IoT (Internet-of-things) is exploited for cyber-attacks on other companies, also known as becoming a member of a botnet. Described casually as zombie devices, these are computing devices (regardless of category/size) which when infected by a botnet malware modifies the behavior of the machine, making it follow the commands coming from the author of the malware. We have discussed samples of such malware numerous times here in Hackercombat.com, their victims literally still use their devices as if nothing is really bad happening in the background.
What can SMBs can do in order to help minimize the cybersecurity risks?
- Never get a cheap IT support and administration team
- There is no shortcut to this, as the IT infrastructure is the very backbone that makes any company, large or small to operate its business operations. The company may cut cost from other aspects of the business, its operations or its suppliers, but a reliable IT team cannot be compromised. There are SMBs which depend on MSE or outsourced IT, but of course, this is a major decision with cost as the number 1 aspect to consider. An outsource IT has less level of ownership compared to an internal IT team.
- Cybersecurity-aware leadership
Company leadership must understand the cybersecurity aspects of the organization. Treat it at the same level as the desire of the company to expand its market and brand.
- It is better to spend for protection than spend for disinfection
Julia Sowells960 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.