Cyber criminals focus on small and medium enterprises as the damage by cyber crime grows

Accenture & Ponemon’s 2019 Cost of Cybercrime Study indicates that the right approach to cyber threats might save companies up to $5.2tn of future revenues in the next few years. Small and medium enterprises (SMEs) are among the most vulnerable as they only recently became more conscious of clear and present cyber threats. 

SMEs are especially susceptible as the majority of them lack cyber security specialists and are reluctant to invest in reliable digital protection. In a survey by Enterprise Strategy Group, commissioned by Sharp Electronics Corporation, a third of North American SMEs said they didn’t have dedicated in-house cyber security staff. Although big players are often said to be the main targets of cyber crime, smaller companies sometimes become a gateway to the systems of larger organisations.

Many cyber criminals thus consider these companies a ‘sweet spot’. A study by Cyber Readiness Institute shows that only 40% of small and medium companies have implemented a cyber security policy. Almost half of the survey participants mentioned economic instability as the main constraint in making security investments. This not only raises privacy concerns as employees work remotely, but also leaves room for network breaches and social engineering.

Establish secure connection

Cyber criminals usually aim for underprotected networks, be it public WiFi hotspots, home routers with default passwords, or defenceless Bluetooth devices. Security is not limited to remote access, and employers and employees alike should do their background reading on the potential threats.

“Employers must instruct people to change the password of their home routers – not the ordinary SSID WiFi password, but the one used to access device settings. Regular security patches and updates, combined with trustworthy antimalware programs, are also vital”, emphasised Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams.

Even if employees have taken precautions to secure their home networks, both they and their employers should maintain a safe connection between everyone’s home and the office. “Managers and business owners should thus consider keeping shared files in a cloud drive, establishing a virtual private network and encouraging staff to use trusted online co-working platforms”, suggested Gurinaviciute.

Raise awareness about social engineering

Since the beginning of the COVID-19 pandemic, human error has increased as more people are working from home. Hackers are leveraging the situation and using the crisis to steal data. In fact, as many as 90% of corporate data breaches happen due to social engineering attacks, such as phishing emails or impersonation.

“To avoid phishing and scam attempts, companies need to develop their security policy and instruct every employee to neglect suspicious emails and ignore links or attachments within them,” said the NordVPN Teams expert.

She highlighted that phishing emails are usually sent from similar but somewhat different addresses, and may include punctuation or spelling mistakes. The urge to take action can also be considered as a warning sign. 

Ensure privacy and confidentiality

Some employees are using their own devices for remote work as they are more familiar with them, whilst companies also save on providing work devices. However, employers cannot control the preservation of documents on personal hardware and the latter can be infected via external devices – for example, USB drives or IoT appliances.

“Remind your staff that confidential still means confidential. They should not use their personal email for work, their family members should be kept away from sensitive information and printed documents should be disposed of in a shredder as soon as the work with them is done,” suggested Gurinaviciute.

To ensure privacy, companies should implement a two-factor authentication process with an additional protection layer, such as signing in via an external device. Even if hackers get their hands on one password, they will be unable to finish their job.