Does being little make you invincible?

Around 45% of small businesses in the META region have been victims of data breaches in 2019, according to a recent Kaspersky survey.

While data breaches threaten small companies with painful consequences, the survey revealed that security measures taken by them to prevent such incidents are often insufficient. Although stories about cybersecurity incidents in companies with under 50 employees rarely make newspaper headlines, a data breach for a smaller company may directly impact their business.

Resources often become limited and concentrated on business growth, they regularly have to stop or slow down their work processes and risk losing profit with every passing hour or day of downtime. If customers’ personal data has been affected, the small business can lose customer trust and face financial penalties for breaking regulations, for example, such as GDPR.

The survey findings demonstrate that small companies suffer from data breaches, and the number of those affected is growing year-on-year (y-o-y), and most significantly, faster than in any other sector. Though the share of those who fell victim to data breaches is higher among SMBs (64%) and enterprises (67%), in smaller companies it has climbed six percentage-points (from 33% in 2018) since last year. This means that even though all businesses have to deal with data breaches to some extent, for smaller ones the problem becomes more and more relevant and dangerous every year.

To avoid these consequences, small companies need to be prepared for data breaches. However, some companies use consumer products for protection (27%) and while these can provide a certain basic level of protection, solutions for home users don’t have specific functions that are necessary for business security. For example, only business-specific products offer protection for servers or centralised management.

“Smaller companies are often focused on how to make their business work and grow — just like they should be. They may not have cybersecurity among their top priorities, however, the cost for overlooking the problem will only grow. Why? Because malware doesn’t distinguish between its victims and because even very small organisations have something to lose, such as sensitive data,” comments Andrey Dankevich, Solution Business Lead, Kaspersky. o help small companies manage their cybersecurity Kaspersky advises them to:

• Teach employees cybersecurity basics, for example, to not open or store files from unknown emails or websites as they could be harmful to the whole company.

• Regularly remind staff how to deal with sensitive data, for example, to store only in trusted cloud services with authentication switched on, do not share it with untrusted third parties.
• Enforce use of legitimate software, downloaded from official sources.
• Make backups of essential data and regularly update IT equipment and applications to avoid unpatched vulnerabilities that can become a reason of a breach.
• Use a dedicated cybersecurity product for small businesses that demands minimum management allowing employees do their main job but protects from malware, ransomware, account takeover, online fraud and scams. Kaspersky Small Office Security protects from malware and roll-backs malicious activities, helps keeping file servers protected enforcing password policy; protects payment details during online payments and allows encryption to keep sensitive data protected on devices.

“But the good news is that to be able to protect themselves both from malware and human factor risks, these smaller companies don’t need to invest much or hire advanced specialists. It is only a matter of choosing the right security product,” Andrey Dankevich.