Three ways SMEs can reduce their cyber exposure

SMEs are the backbone of the Australian economy, but when it comes to cybersecurity, a significant portion are underprepared. In fact, research from the Australian Cyber Security Centre shows that half of SMEs rated their understanding of cyber exposure as “average” or “below average”. Many SMEs are unaware that basic cyber hygiene practices can effectively reduce cyber risk because a great majority of breaches stem from known vulnerabilities.

Know your weakest link

Good cyber hygiene begins with identifying risks, and this means understanding where the vulnerabilities lie within a network. A vulnerability isn’t synonymous with “malware” or “virus”; it’s any weakness within a network that can be exploited. This could be errors in application coding or devices on the network with poor security measures. What’s important to understand is that every digital tool and service is at risk of being exploited.

Cybercriminals prefer to leverage known but unpatched vulnerabilities to get the most bang for their buck. Finding new vulnerabilities to exploit costs time and money, so using existing vulnerabilities allows cyberattackers to reach their end goal in the fastest and cheapest way possible.

Knowing which vulnerabilities are being actively exploited by cybercriminals and prioritising their remediation is one of the most effective ways to reduce risk. SMEs should be diligently patching these and implementing the right security controls to reduce risk.

Understand your network and attack surface

To avoid flying blind, inventory all of the hosts and devices connected to your network. Pay special attention to personal devices as these may not include the same protections as company-issued ones. With the rise of remote learning and working, the same computer or phone used for work might be used for other activities.

SMEs must prioritise assets based on risk, especially where they contain personal information or financial data of customers, employees or suppliers.

At the same time, be aware of the applications running on the network. Unauthorised, unknown apps are a red flag, but so are apps that haven’t been updated in a while. Once the network has been checked and the most vulnerable parts identified, SMEs will have a much better understanding of the attack surface.

Tap into technology

With 97 per cent of Australian businesses employing under 20 staff, it’s no surprise that one of the biggest barriers when implementing good cybersecurity practices is the lack of a dedicated IT team. A risk-based approach to vulnerability management is a key way to help SMEs overcome this barrier.

With a risk-based approach, the remediation of risks is prioritised based on the potential impact to businesses. This method goes beyond traditional vulnerability management, which only discovers vulnerabilities: it enables businesses to understand each risk in its threat context, with insight into the potential business impact.

Leverage tools like vulnerability scanning solutions to identify where vulnerabilities lie and how to patch them. These tools can give greater visibility into the risks facing a business and help prioritise focus areas. Small businesses need solutions to help them better understand the actual, not theoretical, impact of vulnerabilities, and focus remediation efforts based on business risk.
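As an added illustration (not part of the original article), the sketch below ranks scanner findings using the context the article describes: whether a vulnerability is being actively exploited, whether the affected asset holds personal or financial data, and whether it is a personal device. The vulnerability IDs, host names and weights are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: vulnerability IDs and host names are placeholders.
KNOWN_EXPLOITED = {"VULN-EXAMPLE-0001", "VULN-EXAMPLE-0003"}

@dataclass(frozen=True)
class Asset:
    holds_sensitive_data: bool  # personal or financial data of customers, staff, suppliers
    personal_device: bool       # not company-issued, so protections may be weaker

@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str
    severity: float             # scanner base severity, 0-10

ASSETS = {
    "accounts-server": Asset(holds_sensitive_data=True, personal_device=False),
    "front-desk-pc": Asset(holds_sensitive_data=False, personal_device=False),
    "owner-phone": Asset(holds_sensitive_data=False, personal_device=True),
}

FINDINGS = [
    Finding("front-desk-pc", "VULN-EXAMPLE-0002", 9.8),
    Finding("accounts-server", "VULN-EXAMPLE-0001", 6.5),
    Finding("owner-phone", "VULN-EXAMPLE-0003", 5.0),
    Finding("accounts-server", "VULN-EXAMPLE-0004", 7.0),
]

def risk_score(finding, assets=ASSETS, exploited=KNOWN_EXPLOITED):
    """Severity plus context. The weights are assumptions chosen for illustration."""
    asset = assets[finding.asset]
    score = finding.severity
    if finding.vuln_id in exploited:
        score += 10  # active exploitation outranks any severity-only finding
    if asset.holds_sensitive_data:
        score += 5
    if asset.personal_device:
        score += 2
    return score

def prioritise(findings, assets=ASSETS, exploited=KNOWN_EXPLOITED):
    """Return findings ordered from most to least urgent to remediate."""
    return sorted(findings, key=lambda f: risk_score(f, assets, exploited), reverse=True)

if __name__ == "__main__":
    for f in prioritise(FINDINGS):
        print(f"{risk_score(f):5.1f}  {f.asset:16} {f.vuln_id}")
```

The highest raw severity (9.8 on the front-desk PC) ends up last, because nothing is exploiting it and the machine holds no sensitive data.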

Cyber risk is a business risk

Many organisations tend to focus on business growth without realising how cybersecurity plays into the long-term health of an organisation. A breach can significantly impact any financial success that’s taken years of hard work to establish. Therefore, this Microsoft email hack should serve as a sobering reminder that SMEs need to treat cyber risk as a business risk and prioritise securing their business. Safeguarding against cyberattacks requires a proactive approach, and it’s never been more important to take steps early to protect a business.