Email Security: A Priority for Small and Medium Enterprises
Email Security: A priority for Small and Medium Enterprises. Email security is a critical priority for businesses of all sizes Get a Quote Download Datasheet Email Security > Email Security: A Priority for Small and Medium Enterprises By Cian Fitzpatrick | 3rd June 2024 As a small-to-medium business, you might think you donât need to be concerned with all this cybercrime stuff. Cybercriminals donât care for small businesses. The takings are too small. This couldnât be further from the truth. But oddly, it is a widely held misconception. Thereâs a certain logic here that cybercriminals would be well aware of: big businesses have big budgets, right? They can spend a fortune on protecting their digital assets. Conversely, smaller businesses have smaller budgets, and probably less digital assets to protect (weâre talking data, the new gold). The return might be smaller, but the fruit is hanging lower.  While you might think that you’re a small fry and donât really need security for your business, make no mistake, that someone out there thinks youâre fry enough. And cybercrime is a growing economy, itâs become an easy trade, with ready-made software solutions available on the Dark Web. The facts are not optimistic. Cybercrime is the number one threat when it comes to financial crime in Ireland, says the Compliance Institute, which surveyed 230 compliance professionals working in Irish financial services. Hacking, phishing, online scams and other forms of cybercrime have overtaken tax evasion and insider trading. And anybody who accesses the internet, is a target and possible victim. So while smaller businesses are squeezed for resources, they simply cannot afford to neglect this issue. According to a 2022 report by Grant Thornton, cybercrime was going to cost Ireland more than âŹ10bn that year. Thatâs a lot of money leaking out of the economy. The same report showed that one in three SMEs fell victim to cybercrime between May â21 and April â22, with an average pay-out to fraudsters at âŹ22 773 per incident. But 2023 figures say that nearly three in four businesses (not necessarily SMEs though) had been attacked in the 12 months prior. That same report says that Ireland had the highest median average number of attacks, Ireland is the country most likely to pay a ransom and that the number was four times higher than the previous year. There is a silver lining however: The single biggest attack in Ireland in 2023, cost âŹ118,128, down from âŹ5.2m in 2022. Silicon Republic has also said that according to Hiscox Business Insurance, Ireland has the highest rate of cyber-insurance ownership of all the countries surveyed, which included the UK, Belgium, France, Germany, Spain, the Netherlands and the US. The direct financial implications are obvious, but less obvious is the reputational and trust damage that results from these issues. As well as private data that is now âin the wildâ. Protect Your SME with topsec cloud solutions Get A Quote Types of cybercrime that target SMEs: Ransomware, as the name suggests, kidnaps data until money is paid over, simplistically. This is malware that blocks access to a victimâs data by encrypting it, and a decryption key can be âboughtâ. Business Email Compromise, BEC, attacks specific employees that have access to company funds or sensitive data. This is often combined with impersonation, where a fraudster will pretend to be a senior staff member or client. Theyâll request money or access to systems. Password attacks unsurprisingly, involve cybercriminals using a range of methods to learn credentials. One study in 2022 found that more than 80% of successful hacks are as a result of accessing user login details. Social engineering, phishing, brute force, are all methods of gaining the information thatâll get a criminal in, either providing access to sensitive systems and data, or even to money. SMEs are just as much at risk of social engineering attacks. A recent report from 2022 says that organisations with over 2000 employees are only slightly more of a target than their counterparts with less than 100 employees. The number of attacks on a larger enterprise is far more, but as a percentage, it remains more-or-less the same. The bigger issue is that the cost of a breach is generally far more devastating for a small company, than it is for a larger organisation. Cybersecurity Ventures says that 60% of small businesses will close their doors six months after a security breach. This is a huge threat to small businesses, with 43% of online attacks focused on SMEs currently. Of concern should be that SMEs are seemingly unprepared for an attack. A 2023 report found that almost 25% of SMEs had either been attacked or hadnât realised theyâd been attacked in the 12 months prior. 61% of SMEs didnât have dedicated cybersecurity experts, 47% didnât have an incident response plan and 27% didnât have cyber-insurance coverage. What can you do? Every company is experiencing budget cuts right now. Itâs tight, but a large part of being a secure company is phishing awareness. Employee training and instilling security consciousness into each and every staff member is key. Regular training on identifying a potential âphishyâ email, or social engineering and impersonation attempts are crucial. Multifactor authentication is an account login process that demands more than one method of logging in. It may involve a password as well as a security token, or biometric verification. Software systems that prevent dodgy emails from even entering an organisation’s domain are a favourite preventative measure. If measures can be taken to halt the threat before it even reaches inboxes, thatâs ideal. An incident response plan should also be in place. A cyber attack has become a likely event in todayâs world, and planning for the eventuality may help limit the damage. It also generates a preventative-approach-mentality. Forewarned is forearmed. More and more, legislation is forcing companies â big and small â to take responsibility for their own environment and accountability for a breach. Organisations are only really holders of data, not owners. The onus is on these companies to