7 real steps to protect against cyber attacks for small and medium businesses

This list of simple yet powerful steps will help keep your company safe.

Almost every month we read in the news about cyberattacks that hit another large company: just recently, in May, Colonial Pipeline, the largest oil transportation company in the United States, became the next victim of ransomware .

The attackers used a double-extortion technique, blocking the company’s access to its files and then threatening to release 100 gigabytes of confidential data if the company did not pay the ransom. The attacks then hit the world’s largest meat producer JBS , followed by renowned MSP solution provider Kaseya .

It would be tempting to assume that hackers are only interested in big, well-known companies that have something to lose. In addition, most of these companies are foreign. So does this modern trend mean that Russian small and medium-sized businesses are not threatened by cyberattacks, that they are simply not known or are not interesting to hackers who are hunting not only for ransom, but also for media fame?

According to the latest Avast Global PC Risk Report in the first half of 2021, the likelihood that a Russian company will encounter any type of PC malware is 48% higher compared to similar data globally for the same period. And the likelihood of encountering advanced threats for a Russian company is 82% higher compared to similar data around the world for the same period.

“Advanced” in the report refers to more sophisticated or undetected threats that were designed to bypass traditional protection technologies in security solutions such as signatures, heuristics, emulators, URL filtering, and email scanning.

Why is a business so likely to face threats?

Due to the pandemic, many companies were forced to send employees to work remotely. Employees were taking home corporate devices, so the attack surface for companies increased even more. Not all organizations were able to provide secure remote work in such a short time, and moreover, most often the home infrastructure is much less secure than the corporate one, as a result of which the companies were exposed to additional risk.

Why should small and medium-sized businesses pay attention to cybersecurity?

Small businesses are certainly resource constrained, and cybersecurity is always far less prioritized than day-to-day operations, without which a business simply cannot exist. Therefore, it is often the responsibility of each employee to ensure the company’s cyber protection , and not of an individual specialist in this area.

The human factor is the weakest link in the cyber defense chain: employees need to constantly learn, learn to recognize various fraud schemes, monitor software updates and learn about new risks. Without mentoring and ongoing monitoring, safety concerns are gradually diminished into the background.

To address this issue, the SMB industry needs to re-prioritize and treat the need for cyber security as it does the physical security of office space. Ensuring security does not necessarily require huge financial investments, but constant attention to this is simply necessary: ​​it is very important for every company to monitor trends in cybersecurity and implement advanced technologies. This will not only help protect against the consequences of cyberattacks, but will also allow us to diversify the corporate culture in general in terms of the implementation of truly effective protection measures.