The year 2021 has been shaped by an economic recovery from the coronavirus pandemic, as people and businesses have modified and adjusted their personal and professional lives to meet new and diverse challenges. As businesses focused on aligning with the new changes, the same can be said for cybercriminals who have exploited the pandemic to become increasingly efficient. With this in mind, here are three simple cybersecurity tips for small businesses in a post-pandemic world.
Understand the threat landscape
During the initial wave of the pandemic, large corporations were the primary target of hackers and malicious actors. For example, Marriott Hotels and the World Health Organization were attacked in April 2020. However, over the past year, this trend has changed, and security experts warn SMEs are now the most exposed to cyberattacks.
This change can largely be attributed to the fact that smaller organizations usually have the most to lose if exposed to an attack, with reports claiming that 60% of SMEs go out of business within six months of a data breach. This, coupled with the fact that small organizations often lack sophisticated security defenses, makes SMEs the perfect target for cybercriminals.
As these companies realize that they have become prime targets for cybercriminals, in the coming period, we will see an increase in the number of SMEs looking for solutions to protect their networks. Unlike large organizations that have security departments in their business infrastructure, SMEs will look for vendors and MSPs (Managed Service Providers) that can offer manageable and affordable security solutions. Thus, simple plug-n-play solutions that allow companies to maintain secure network access will be very popular in 2022. For example, access points that can be configured to replicate an office’s SSID and create secure tunnels and seamless access to the corporate network will become a vital solution for SMEs with remote employees.
Zero trust security model
According to recent research, nearly 97% of organizations have implemented or plan to implement hybrid working into their business structure. As such, there is a move towards a more distributed way of working. Instead of having a single centralized network, employees connect from a variety of locations, with varying levels of specific security measures.
The domino effect of these distributed approaches to work has meant that SMEs are now witnessing a shift in the way their security vulnerabilities operate. Previously, smaller organizations would struggle to protect a single network point. However, now hybrid offices can be seen as the edge of a business’s core network, meaning there are multiple points of vulnerability.
To address this problem, SMEs needed to adopt a ‘zero trust’ approach by always checking connectivity, whereby anyone trying to access the network needs to verify that they are who they say they are. In 2021, this happened through the increased adoption of multi-factor authentication, which allowed companies to verify that people on their network are accessing it correctly and are not malicious actors. This trend will continue this year, as it will allow businesses to protect data for themselves and their customers.
Reflecting privacy legislation in purchasing decisions
In recent years, data privacy has become a hot topic of conversation for government and big businesses with the advent of the EU General Data Protection Regulation and subsequent legislative reforms. However, with data breaches increasing, SMEs have been forced to act more vigilantly to protect customer data.
This has caused a lot of problems for SMEs that lack the dedicated policy and security departments that large corporations have access to. Faced with increasing complaints from customers concerned about their personal data, smaller businesses will need to find and adopt simple solutions that can help limit and manage data.
According to the Veeam Data Protection Trends 2022 report, 89% of organizations are not cautious enough when it comes to protecting data.
“The growth in data volumes over the past two years has more than doubled, largely due to the way the world has embraced pandemic remote working and cloud-based services. As data volumes have exploded, so have the risks associated with data protection; ransomware attacks being a prime example. This research shows that organizations are aware of these challenges and are investing heavily, often because they have failed to provide the protection users need (…) Data volumes and platform diversity will continue to grow and the cyber threat landscape will expand. So CXOs need to invest in a strategy that fills the gaps they already have and keeps pace with growing data protection requirements,” said Anand Eswaran, Chief Executive Officer at Veeam.
As data breaches become more prominent, SMEs will need to place security as a top priority within their business models to survive. In the absence of in-house infrastructure to implement more advanced security measures, SMEs will turn to vendors and MSPs to accumulate knowledge, equipment, and infrastructure to defend against attackers.
