Managing an SME in the age of cybercrime

There are 25 million SMEs are active in the EU, employing more than 100 million workers.
Switzerland has, according to the latest available official data (08.2020), 591 016 SMEs, employing 3 039 326 workers.

It seems not a week goes without the news reporting a data leak, a service interruption or a new vulnerability. This affects us all, whether to protect our businesses or our private data.

Cybersecurity risks are nothing new, but the vulnerabilities created by the adoption of new technologies has exponentially increased the risk of incidents. The rate at which these technologies are being adopted and implemented, however, has yet to be matched by the attention it receives from management teams in many organizations. The upsurge of attacks in the last few months of the pandemic has highlighted the financial motives of criminal organizations behind these attacks. They are no longer the result of chance, like a virus that you catch, but the consequence of a targeted attack.

Here are four of the best practices to minimize your organization’s exposure:

The order of priorities must be properly established.

If you are running a business today, your priorities are getting through the crisis, growing or at least maintaining your revenues, and potentially adapting to new market conditions.

Many organizations are choosing cloud solutions to gain the flexibility required for growth as well as potentially reducing operational costs.

Many companies are making the choice to adopt cloud solutions in order to have the flexibility to grow and potentially reduce operational costs.

The cloud is undoubtedly a good option, but new technologies come with new risks. Complex systems require specific skillsets and often require new security tools.

Analyzing, understanding and prioritizing security is no easy task, yet remains fundamental. Too much focus on growth or technical improvement to meet a business need without assessing cyber risks can prove critical for businesses.

2. The risks of remote work have now been well identified. It is better to act than to be forced to react.

Organizations have been thrust, practically overnight, into a world where working remotely is the norm for many. While it may be tempting to think of this as a byproduct of the pandemic, we need to be honest with ourselves: it isn’t going away anytime soon.

Although remote work peaked in 2020, when an average of 59% of employees worked remotely, it is still estimated that 42% of employees work remotely today. This number is only expected to drop to 34% within the next year. Remote work is not a trend that will just fade away, rather one that is likely to carry on in the long term.

The majority of SMEs do not seem ready to adequately address the cybersecurity challenges posed by remote work.

Only 35% of decision makers feel their organization is very well protected against breaches to remote devices and/or employees, further proving that organizations are still not taking the necessary steps to protect their data.

23% of all decision makers are confident that their current cybersecurity solutions provide acceptable protection them sufficiently in the event of an attack.

We are aware of the risk but lack understanding and confidence in the solutions that protect us.

3. Communication between IT decision makers and business decision makers must improve.

Nothing new here. Most businesses are familiar with this problem that I like to call ‘the black box’.

Enterprise often perceives IT as a chore that can’t be swept under the rug, and security as a hindrance to business operations. Everyone’s dream is for IT to be a fully functional black box that you never need to open.

But IT is not an exact science, is complex and clearly essential. It’s difficult for a company to quantify the ROI for cybersecurity; you invest to protect what you have.

4. Lack of in-house cybersecurity talent needs to be addressed

Being more agile, getting to the market quicker, having efficient tools, all these needs are linked to costs and risks.

New technologies bring new models, new processes and with them, new vulnerabilities. The direct consequence is an increase in the complexity of attacks.

To achieve this, companies must continually hire and train staff. The more qualified a cybersecurity professional is, the less affordable their salary expectations will be for an SME. Many companies cannot afford a full-time CISO (Chief Information Security Officer).

One alternative is to hire a consultant who can offer the expertise to protect an organization from cyber threats.

Another option is to train IT security personnel, upskilling existing employees to be able to respond to all types of attacks.

2022-08-12T11:47:16+00:00

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
CONSENT	2 years	YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Managing an SME in the age of cybercrime

Here are four of the best practices to minimize your organization’s exposure:

Share This Story, Choose Your Platform!