Small and Medium Businesses (SMBs) play an important role in the economy: according to the Asian Development Bank, SMBs account for an average 97 percent of all enterprises in the Asia Pacific region, meaning that they deserve top priority for protection against cyberattack.
However, while many SMBs have recently become more aware of digital defense, there remains a considerable gap between the confidence they place in their cybersecurity capabilities and their actual cyber-readiness. Approximately 73 percent of SMBs in the region still don’t have a dedicated cybersecurity team, and only 53 percent have antivirus solutions in place. Yet as more and more SMBs move towards work-from-home arrangements, the need to secure private and confidential data has become increasingly pressing.
1. Awareness and policy make up the first line of defense
There is a common misconception that SMBs are less prone to cyberattacks than larger corporations. The reality is quite the opposite: because of their limited resources, SMBs typically deploy the same personnel to oversee multiple business departments. This leaves their security systems highly susceptible to external attacks.
Moreover, often new vulnerabilities arise during times of change or transition. The COVID-19 pandemic has accelerated the shift from physical to remote working environments, emboldening a growing ecosystem of attackers who can exploit vulnerabilities caused by unsecured devices and networks.
It is therefore critical for SMB employees to get educated on their businesses’ cybersecurity obligations, policies and procedures. Most importantly, identifying where and how their assets, devices and data points are stored can help avoid unintentional disclosure of confidential information.
2. Take advantage of publicly available resources
Regular audits can help SMBs understand the level of protection they need, from policies that govern workflow, to protocols that ensure data security. Thankfully, there are a plethora of public resources available to ease this process.
Republic Act No. 6977, otherwise known as the “Magna Carta for Micro, Small and Medium Enterprises (MSMEs)”, recognizes that MSMEs have the potential for more employment generation and economic growth and therefore can help provide a self-sufficient industrial foundation for the country. As such, the State shall support the MSMEs by providing programs for training in entrepreneurship and for skills development for labor; granting access to sources of funds; assuring them to a fair share of government contracts; complementing financing programs; instituting safeguards for the protection and stability of the credit delivery system; raising government efficiency and effectiveness in providing assistance; promoting linkages between large and small enterprises; making the private sector a partner in the task of building up MSMEs through the promotion and participation of private voluntary organizations, viable industry associations, and cooperatives; and assuring a balanced and sustainable development through the establishment of a feedback and evaluation mechanism that will monitor the economic contributions of the development of MSMEs.”
3. Look for simple, customized solutions that don’t strain the budget
Unlike larger businesses, SMBs do not have the flexibility to deploy large project funds for cybersecurity, as this may come at the cost of other key functions of their business.
By unifying their security technologies and sticking to fewer tools, SMBs can more quickly identify areas for orchestration and streamline cybersecurity processes.
Lenovo’s subscription and “as-a-service” models, for instance, offer SMBs flexibility and cost-efficiency without adding unnecessary headcount.
4. Be vigilant against the increasing prevalence of supply chain-based attacks
Many SMBs collaborate with larger organizations. These partnerships, however, can also lead to unintended cybersecurity consequences.
As contractors or vendors, SMBs cultivate a shared identity with and form a part of the supply chain of these organizations. In these scenarios, businesses expect regular security assessments and onboarding due diligence to be carried out by the enterprise in question. This abuse of trust between two systems, whether intentional or unintentional, is what cyber criminals take advantage of, giving rise to supply chain-based attacks.
Enterprises have started to make wholesale changes to their vetting approach as a result. Some are implementing a zero-trust network architecture, wherein vendors must prove they have met organizational compliance policies. Furthermore, an increasing onus is being placed on SMBs to abide by cybersecurity requirements that corporations are writing into contractor agreements.
5. Seek help from industry leaders
Remote and hybrid work can put SMBs at risk with an ill-equipped IT security workforce. With the bulk of time focused on growing their core business, SMBs often lack time to research new and emerging security threats. This results in an overreliance on outdated and inefficient technologies to identify breaches.
To counter this, SMBs can seek out partnerships with industry leaders and subject matter experts like Lenovo. They utilize a consultative approach to understand pain points and apply use cases to identify critical workflows that require robust infrastructure. In short, engaging the services of these experts can help SMBs “protect, detect, respond and recover.”
SMBs are the backbone of Asia’s economy – a backbone that deserves to be protected even as the world transforms.