Key cybersecurity practices for SMEs
Given the scale and sophistication of cyber threats, it’s crucial that SMEs prioritise cybersecurity measures to mitigate the risk of attack. taking proactive measures can substantially enhance your security.
Here are some practices that every SME should implement to stay safe online:
- Use strong passwords and two-factor authentication: Ensure your employees use complex passwords and enable two-factor authentication (2FA) on all devices to add an extra layer of security.
- Apply regular software updates: Keeping software and systems up to date helps protect against vulnerabilities and exploits that cybercriminals often target.
- Conduct employee training: Human error is one of the leading causes of security breaches. Conduct regular training sessions on recognising phishing attempts, handling sensitive data, and adhering to security protocols.
- Back up data: Regularly backing up important files ensures that, in the event of a breach or ransomware attack, your business can recover without having to pay hefty ransoms or lose crucial data.
- Monitor for suspicious activity: Use cybersecurity tools like firewalls, antivirus software, and monitoring systems to detect unusual network activity and respond to threats in real-time.
Social engineering (a method of deception that uses human psychology to gain access to confidential information or systems) is by far the most common form of attack used by cybercriminals. After all, why work at hacking into a network when you can trick someone into giving you access instead?
However, by adopting these practices, you can reduce the risk significantly – although you can never entirely remove it.
The threat of email interception to SMEs
Email interception incidents, or man-in-the-middle (MitM) attacks, are a growing threat to SMEs. Hackers gain unauthorised access to email messages while being transmitted over the internet by exploiting vulnerabilities in email communication. They can then steal sensitive information, reroute payments, or impersonate company officials.
One standard method of email interception is Business Email Compromise (BEC). In BEC attacks, cybercriminals hack into or spoof legitimate email addresses – that is, make them appear to be originating from a trusted source, such as a company executive, vendor or a customer. They then typically request urgent payments, transfers of sensitive data, or changes to financial account details.
Here are some ways to protect your business from email interception:
- Verify financial requests: Always verify financial requests or requests for other sensitive information via a secondary communication channel, such as a phone call or secure messaging service, before acting on them.
- Monitor suspicious email activity: Use email filtering systems to detect and block phishing emails, malware, or impersonation attempts.
- Train employees: Show employees how to recognise common signs of email interception, such as unexpected requests for financial transactions, unusual email addresses, or urgent language designed to pressure quick responses.
By implementing these precautions, you can reduce the risk of email interception.
Artificial Intelligence (AI) and the emergence of deepfakes
Artificial Intelligence (AI) and deepfake technology pose emerging threats within the cybersecurity landscape. Deepfakes, for example, use AI to create highly convincing audio, video, and still images of individuals, making it difficult to tell real from fake. In one shocking incident, the UK-based engineering firm Arup lost £20 million due to a deepfake scam. Using deepfake technology to mimic senior managers in a video call, cybercriminals instructed an employee to transfer funds. The attack was highly sophisticated, using subtle vocal nuances that fooled even well-trained staff.
To defend against deepfake threats (which might take the form of phone or video calls or voice mails), SMEs need to raise awareness of the threat and ensure that any unusual or unexpected requests for sensitive information or financial transactions are verified through multi-factor authentication processes.
Why Cyber Insurance is important
In the end, cybercriminals don’t care how big or small your company is or what line you’re in – they’re just looking for a vulnerability they can exploit. And, while a Cyber Insurance policy can’t prevent a cyber-attack, it will deal with the fallout – financial, legal, and reputational – and help you get back on your feet.
Contact us
If you’d like to learn more about Cyber Insurance, visit our Cyber Liability Insurance page or call 020 7280 3479 to speak to a member of our team.