By: Maria Williams
As cyber threats continue to evolve and malicious actors devise new ways to attack, small and medium-sized enterprises (SMEs) need to adapt and acknowledge that they are just as susceptible to cyber threats as large corporations. Scott Mayor, CEO of Endurance Risk & Management Services, underscores this point, emphasizing the often-overlooked vulnerabilities of SMEs. His approach to cybersecurity revolves around a foundational principle: risk management is an ongoing, iterative process.
For small businesses, acknowledging the risk is the first hurdle. “Many assume only large-sized companies are targets, but cyber threats don’t discriminate. Every business handles data – be it employee information, client details, or vendor connections,” Scott says. This misconception leaves these businesses vulnerable, as they underestimate their attractiveness to cyber criminals.
Scott likens the cybersecurity challenge to any other risk management responsibility. He explains, “All business owners need to identify the risks, analyze them, figure out the strategy for avoidance, transfer or prevention and constantly refine the approach.” This iterative process, known as the risk management wheel, requires a continuous improvement path where each cycle informs the next, ensuring that risk management practices evolve with emerging threats.
Cybersecurity is fundamentally data protection. Personally identifiable information (PII), such as social security numbers, names, and email addresses, is a prime target. SMEs must understand that their data is just as valuable. The threat can be internal, such as disgruntled employees with access to passwords, or external, involving third-party vendors. Scott further points out, “Your vendor’s vulnerability can become yours. If the system is compromised, it can open a path to their data.” This interconnectedness shows that cybersecurity must be a priority for all parties involved.
Cyber insurance is an essential part of managing cyber risks nowadays. There are two aspects to this: protecting your assets and covering liabilities that may arise if the compromised system affects others. “Even the reputation is at risk,” Scott warns. “For SMEs, a data breach can damage client trust and retention.” As the saying goes, it takes 20 years to build a reputation and a few seconds of a cyber incident to ruin it. While many SMEs might lack the resources to fully implement extensive cybersecurity measures, they can invest in cyber insurance to mitigate the financial impact of potential breaches.
Certain exposures, such as fleet management, have long-established preventative tools and techniques in place. Because cybersecurity is constantly evolving, managing this risk requires constant vigilance and adaptation. Moreover, Scott notes that many small businesses were established well before the computer era. “Businesses that started before the internet must adapt to new, sophisticated attacks,” he explains. He is sure that education is the first line of defense in this case.
Password management is a simple yet often neglected aspect of cybersecurity. Strikingly, “123456” remains one of the most common passwords, according to online password management company NordPass. Educating employees is essential. The expert states, “You can’t use your first name, last name, pet’s name, or something that is so personal to you. If at all one wants to use a name, then one needs to break it up with symbols or numbers.”
“Beyond education, technical tools such as firewalls, spam blockers, and multi-factor authentication are required,” advocates Scott. However, balancing these tools is critical. Overly stringent spam filters can block legitimate emails, disrupting business operations.
Hiring a third-party risk management provider for penetration testing and ongoing education can help SMEs identify vulnerabilities and ensure their defenses are effective. Scott mentions, “Penetration tests reveal weaknesses in your system, allowing you to address them before they’re exploited.” Furthermore, third-party educational tools are available to keep staff informed and current so that they remain vigilant.
Phishing, a common cyber threat with 3.4 billion emails being sent per day, is now increasingly facilitated by artificial intelligence (AI), making fraudulent communications harder to detect. Shipping fraud related to online shopping is the most common kind. Scott gives an example, “An email like – The person that shipped this to you didn’t pay enough money. So I need $7 from you to deliver your package. Please enter your bank account information to pay those $7, for smooth package delivery – Now, you think about it. Who cares about $7? You get UPS deliveries every day. You jump online and provide the routing number password, and boom, it’s gone. And you don’t get to know that something bad has happened until you reconcile your bank account.”
He further advises, “AI makes it easier to draft convincing fraudulent emails. Even though it is understandable that one needs to revert ‘ASAP’, one needs to slow down, verify, and not respond impulsively.” Techniques such as googling the subject line of suspicious emails or directly contacting the purported sender through known channels can prevent many phishing attempts.
Scott Mayor’s insights make it clear: cybersecurity is not a one-time fix but a continuous process of education, improvement, and vigilance. As exposure to cybersecurity breaches changes daily, SMEs need to stay vigilant and aware in managing these risks, which are no longer exclusive to larger corporations. This can be built internally or with the support of third-party risk management providers.
Published by: Nelly Chavez



