This is the first and introductory episode which explains why we blog about "security and risk for small and medium-sized organisations".
This is an edited transcript from a video blog recording of Sarb Sembhi, CTO and CISO for Virtually Informed, and his co-host Nick Ioannou, Director of Boolean Logic.
In each episode we cover a topic that's very close to our hearts: Security for Small and Medium-sized Organisations, or SMOs for short. We want to provide our audience with enough information to enable them to take action appropriate to their own needs.
Each episode details a range of practical tips which our audience can use to help Small Organisations deal with and/or reduce attacks. Additionally, it can be used as prevention information. Over time we aim to provide a holistic collection of tips that can be used as actionable information which our audience can take away.
This first episode explores some of the reasons why we believe that now is one of the most important times for Small Organisations to start dealing with and responding to some of the pressing security issues they have.
The changing economic landscape
In 2020 many countries experienced some of the biggest economic upheavals in over 75 years, since the last World War. This has affected Organisations of all sizes: large Organisations have furloughed or laid off staff where they haven’t gone bankrupt, and Small Organisations have closed down. This has also meant that in some cases people who were made redundant have set up their own Small Business to generate a new source of revenue, while at the same time other Small Organisations which were set up before the impact of Covid have been closing down.
The lack of income has played into the hands of criminals - they have targeted their spam or phishing attacks at those most likely to respond because they are desperate. Equally, criminals have been attracting innocent people into activities that seem innocent where they pay someone to manage money, but this is actually part of wider money laundering schemes.
The economic climate has also affected mental health, meaning people are possibly more likely to click through on things that are scams than they may otherwise have done, just to make ends meet for their families. This applies to people acting as individuals, working for a Small Business, or in their own Small Business. The fact is that whereas large corporates may have thrived during the pandemic, Small Organisations have lost out, or are still more likely to lose out and be negatively impacted.
The changing Business landscape
The global pandemic ushered in a new era of remote working, with many projects rushed from being months away to just days before implementation. The various lock-downs around the world have speedily ushered in the era of online collaboration, online ordering and online anything else.
Much of this has also forced Organisations to undertake activities that they may not have before. They may now be competing with others who were already struggling with existing competition and lack of business. Furthermore, all Organisations are having to look at extending their reach by thinking digitally to achieve greater global reach.
The bottom line is that the Business landscape is changing and many are entering new territories of which they have no previous knowledge or experience. This includes the security and data protection issues of taking a business online.
The technology life-line for Small Organisations
Many Small Organisations have only survived the global pandemic by pivoting to doing business online, or massively increasing their online presence. Online tools that were normally the domain of larger organisations and enterprises are available to Small Organisations like never before. Some are even free, causing many established online solutions to add features to catch up.
Many cloud solutions already in use by Small Organisations may have been backup type services, but are now available for almost anything that can be undertaken online. One of the great benefits of these services is that they are available no matter where the Business is based or even where the employees are working from. Another key advantage for Small Organisations is that they are often far cheaper than other similar services that enterprises were paying lots of money for once upon a time.
Going online may be a life-line for many Small Organisations, but if not managed properly could result in loss of data, accounts, and consequently the Business itself before it even gets off the ground.
The Cyber Essentials Scheme is mandatory for any business wanting to provide services to the UK Government. So, if you're a Small Business seeking a government contract, you must hold the Cyber Essentials Certification to prove that you have at least the basic cyber security in place.
The volume of threats for Small Organisations has increased
The volume of threats to Small Organisations has increased hugely. Whereas once it appeared that mainly larger enterprises were targets, now every Small Business is targeted in the same net, just like the banks, because that's effectively what Small Organisations are to criminals.
The interesting thing is that Small Organisations don't realise how much information there is about them, and this makes them vulnerable to hackers who want to resell their information, access their accounts or use their assets for a whole range of other purposes.
Small Organisations, often incorrectly, tend to think "we haven't got much money and therefore we are not going to be a target." They don't realise that they have lots of things which are of value to attackers, whether it's computers and other technology, their contacts, their data etc. Indeed, in some cases they may not be the initial target. It may be that one of their own customers or clients is the real or intended target and that they, the Small Business, are just the stepping stone to them.
They are open to extortion, fraud and theft, just like anyone else. Furthermore, attacks can sometimes be aimed at the individual owner or employees of the business rather than at the Business itself.
These threats may not just be technological; they could involve social engineering. Everyone has user names and passwords, all of which are of value to criminals.