Whilst cybercrime has long been a threat for businesses of all sizes, this year is likely to be the worst on record for cybercrime casualties, due to COVID-19.
As the world continues to grapple with the impact of the pandemic and new ways of working emerge, the adaptation to remote and hybrid working set ups continue to be front of mind for all businesses. Meanwhile, cybercriminals have also taken the initiative and continued to exploit the security vulnerabilities that are often inherent to new working models.
The problem is particularly concerning for small and microbusinesses, with the latest Government Cyber Security Breaches Survey highlighting that nearly 4 in 10 small and micro-sized businesses (38%) suffered a security breach in the last 12 months. If the cyber security of your small business is not currently top of mind, there could be a vulnerability ripe for exploitation.
The threat landscape for small businesses
The cyber security threat is persistent, with almost 1 in 4 small businesses (27%) experiencing an attack at least once a week.
Cyberattacks take many forms, with phishing chief among the most commonly identified. 82% of SMBs suffered a phishing attack in the past year and these socially-engineered impersonation attacks are only increasing in sophistication.
Rob May is a leading cybersecurity expert, and founder of IT support and managed services provider Ramsac. On the cybersecurity landscape for businesses today, he explains, “You cannot escape the fact that cybersecurity is a fundamental hygiene factor in doing business today. The ICO continue to evolve the requirements around training and education (mandating action for new starters within one month of employment), but it doesn’t stop there. One of my books is titled ‘The Human Firewall’ and one of its points is that contrary to the often-discussed notion that employees are our greatest risk, it is also true that they are our greatest line of defence.”
Indeed, as threats become increasingly automated and indiscriminate, extortion attempts or disruption from ransomware have very real consequences and could shut down business processes entirely. According to Datto’s 2020 Global State of the Channel Ransomware Report, last year saw a 300 per cent increase in ransomware attacks – with 50 per cent of those aiming squarely for SMBs.
The UK is now one of the cybercrime capitals of the world, with 14.6 million ransomware attack attempts taking place in the first half of 2021. This means it’s vital for small businesses to be up to speed on the threat landscape and have the support in place to mitigate it.
Productivity + protection
The pandemic has proven that organisations can trust their people to be productive wherever they are. We know that remote working is here to stay, yet working from multiple locations through multiple connections can open your hybrid workplace up to new security risks without the right tools to support.
COVID-19 has made cyber security harder for small businesses to address and with their resources stretched, fewer small and micro businesses reported having up-to-date malware protection year on year (83% vs. 87% in 2020) and network firewalls (77% vs. 82% in 2020). Indeed, 80% of senior UK IT and IT security leaders believe their organisations lack sufficient protection against cyberattacks.
You could be rightly asking – how do we protect ourselves from cyber risks, without sacrificing the remote working experience for our people or the productivity of the company and build the secure hybrid workplace of the future?
How can technology help?
Change is the only constant in today’s economy, but the pace of that change accelerated dramatically with COVID-19. Technology helped SMBs quickly adapt and respond – keeping operations running reliably and even discovering new ways to create revenue.
Leaders have the chance now to reflect on what was learnt in the past two years and build on their company’s new digital foundations to create a secure, hybrid workplace fit for the post-pandemic economy.
You should underpin your hybrid work goals with the rapid advances in technology now available to you, and to set up the foundations to accelerate growth – but simplicity will be key.
For instance, with Microsoft 365 Business Premium, you can centrally configure, manage, and protect company-issued and employee’s personal devices accessing business information and services across Windows, Mac, Android or iOS.
Simple features such as multi-factor authentication (MFA) can prevent 99 per cent of identity attacks by asking for additional evidence beyond the user’s password to grant access. Adding MFA for remote employees requires them to enter a security code received by a text, phone call or authentication app on their phone when they log into Microsoft 365. So, if a hacker gets hold of someone’s password through a phishing attack, they can’t use it to access sensitive company information.
Your team’s day-to-day productivity is not impacted – the measures can be intelligently triggered only by suspicious logins from unknown devices, unusual locations or untrusted networks, or when a user attempts to access sensitive information.
Defending against cyber threats
Microsoft offers solutions to small and medium businesses that are secure by design. As part of Office 365, and tools such as Microsoft Defender, e-mails are protected with defenses against multiple cybersecurity threats, including malware, viruses, ransomware, phishing, and general spam, combined with endpoint security through multi-factor authentication with Microsoft Authenticator.
Microsoft’s Defender for Business is intelligent. It not only protects your email and devices from malware, phishing, and ransomware attacks, but also uses a “zero trust” approach, assuming your devices (Windows, Mac, iOS, Android) have been compromised to identify, investigate and automatically remediate known issues. By reducing alert volume and remediating threats automatically, Defender for Business allows you to prioritise tasks and focus your time on more sophisticated threats.
It’s also possible to integrate password protection on files and other business information, and you can even prompt users within your network to update their security credentials on a regular basis.
Additionally, you can restrict the copying or saving of business-specific information to third-party apps or personal devices, and remotely wipe compromised files or databases in case a device is lost, stolen, or an employee leaves the organisation.
Best of all, for the small business owner who has many skills under their belt but is not an IT specialist, Defender for Business is very easy to use. It’s straightforward to deploy, and the solution includes simplified client configuration with wizard-driven set up and recommended security policies activated straight out-of-the-box, so that you can click and go and know your devices are secure.
“Business owners need to turn their attention not just to Cybersecurity, but more importantly, CyberResilience,” May adds. “Ensuring that staff have the right tools for the job and that they are properly and securely managed and configured is essential. Microsoft 365 has essential tools and options within the different levels to assist in this critical business best practice.”
Counting the cost of a cyber breach
On average, the annual cost for micro and small businesses in lost data and assets after a cybersecurity breach is £8,1701. With nearly half of small business staff using personal devices for work, the opportunities for cyberattacks can only increase in the hybrid work environment.
Defender for Business is coming soon as part of Microsoft 365 Business Premium, our comprehensive security and productivity solution that brings together Microsoft Teams and Office 365 with advanced security and device management tools for SMBs.
In comparison, you can ensure you’re focusing on productivity – rather than worrying about cyberattacks – for the annual cost of £181 of a single Microsoft 365 user subscription.
For more information on Microsoft 365 Business Premium and to try for free, go to aka.ms/securesmb.