Small businesses are at an ever-increasing risk of cybercrime: as an SME, outsourcing IT to a full-time, specialist partner is the wisest decision you could make, says Amir Hashmi, CEO, and founder of zsah.
Since 2020, there have been far-reaching changes to our working and personal lives – particularly working from home; the traditional cybersecurity model and the number of resources dedicated to it have been completely reshaped.
Cyber-attacks are now more prominent than ever. From bilateral attacks between competing nations to the ever-increasing amount of scam emails sent to businesses and their staff members, there’s been a consistent increase in both the attempts and successes of cybercrime.
Industry research suggests that a cyber-attack now hits UK businesses on average every 45 seconds, and it is not just the prominent, influential players being targeted. In fact, 43% of all data breaches involve small to medium-sized companies.
The cost of these breaches varies massively. According to Government figures, a violation that results in a loss of data or assets costs on average £8,460. This figure rises to £13,400 for medium and large businesses. This figure may put some smaller companies well into the red. However, this initial cost isn’t the only concern. Many attacks can put the website out of action entirely. Businesses haemorrhage money during downtime – through damaged reputation, lost potential revenue, or a workforce that can no longer work due to inactive IT systems.
The cost of this downtime varies massively, with Gartner estimating the average global cost to be around $5,600 per minute, which is approximately $300,000 per hour. Of course, the giant e-commerce sites may skew this data, and it is less relevant to SMEs – however, it does show the scope of damage that can be done. Even lost workforce hours can be costly – with recent reports suggesting that lost productivity caused by IT downtime could be costing British businesses, on average, £3.6 million a year. This includes 545 hours of wasted staff productivity, which equals £7,235 lost per employee each year.
Unfortunately, this clearly shows that those without the capital to absorb a potential disaster are at an ever-greater risk of facing one. Therefore, a lack of resources cannot be an excuse for an ineffective cybersecurity policy, as your lack of resources certainly won’t deter anyone looking to exploit your cyber presence. Inversely, don’t assume you’re safe just because you are a stakeholder in a larger organisation. Due to small companies’ role in the supply chain, any weakness in smaller, less sophisticated actors represents a risk throughout.
As a result, cybersecurity is not just an issue that’s considered a problem for IT teams to deal with when something goes wrong. In fact, it is now the most critical business consideration after COVID-19, and organisations of all sizes must formulate, rethink, or drastically improve their strategies. Post-COVID, cybersecurity must now be at the forefront of all thought and planning.
As an SME, what can you do?
Understand the risks: Get to know the types of cybercrime you could encounter.
Master the basics: keep programs up to date, install a good antivirus on all machines, use strong passwords and two-factor authentication – instil good cyber habits.
Back up your data: back up all data – and understand how you can get it back if you lose it. Lost data can be a death blow to both continuity and your businesses’ reputation.
These are the basics, but they are not enough. Smaller companies face a myriad of challenges that all feed into each other to paint a bleak picture. Firstly, they have fewer resources, which means less sophisticated IT; secondly, they are becoming more of a target in supply chains due to their vulnerabilities; and thirdly, they have a smaller pile of capital to absorb any damage – whether that be due to lost revenue, damaged reputation, or downtime.
If you have to call an IT support – the damage is already done
With the myriad of technological trappings needed to compete in today’s world (and survive the pandemic) and the variety of risks present, a modern company doesn’t just need full-time reactive care; it needs proactive advice. This can be done in-house, but most companies can’t afford such a department.
When you work with a managed technology services provider, and you get regular, pre-emptive maintenance, the likelihood of running into issues is minimised in the first place. What’s more, if you do, any damage done by a virus is more easily solved – as your IT partner can recommend the best cloud-based disaster recovery plans, for example.
With full-time access to your IT, they know what training you or your staff need and know what equipment would suit you best – simply because, as a partner, they know you and your company from the top-down. Ultimately, this means you face a better chance against a world of rapidly evolving and multiplying threats.