- Small businesses can easily underestimate the importance of cybersecurity
- Cybersecurity will become a more prevalent issue for smaller companies due to a shift to digital services and the increasing adoption of remote work
- Companies can take immediate steps to strengthen their safeguards, but should also adopt long-term strategies
Summary by Dirk Langeveld
For many companies, cybersecurity is not a major concern in their day-to-day operations. Perhaps they believe that they’re digital operations aren’t significant enough to attract cybercriminals, or that their company is too small for these malicious actors to target.
Unfortunately, small businesses have proven to be a soft target for cyberattacks due to these very misconceptions. Smaller companies often have less robust cybersecurity measures, or their employees may be more negligent in following safe digital practices. Smaller companies can also be more vulnerable to the effects of a cyberattack, including lost income or reputation, extra expenses, or litigation.
Many small and medium-sized businesses received a wake-up call recently when Microsoft announced that its Microsoft Exchange business e-mail and scheduling platform had been the subject of a major hack. Thousands of these companies were breached, leaving them more vulnerable to potential attacks in the future.
It’s particularly important for smaller businesses to be aware of cybersecurity concerns due to changes brought on by the COVID-19 pandemic. Many companies have adopted more digital services and are likely to keep them once the pandemic subsides. Similarly, businesses are often considering a hybrid model that allows employees to continue working from home at least part of the week, increasing the risk that they will use unsecured personal devices for work tasks.
Companies can take the immediate step of ensuring that any remote work networks are secure. This step can include issue laptops and other digital equipment so employees aren’t using personal devices, updating security software, and avoiding public networks in favor of private ones.
Longer-term strategies can include emphasizing the importance of cybersecurity to employees, making sure to budget for cybersecurity measures, and consulting with an expert on how to strengthen company’s defenses and develop a strategy to prevent or mitigate cyberattacks. Some consultants use “fire drills” to simulate a cyberattack and identify strengths and weaknesses in a company’s response.
