Cybersecurity Risks Faced By SMEs

In 2023, 1,351 cyber-attacks occurred, breaching 2.2 million records. Businesses of every kind were targeted, and the threat only seems to increase as cybercriminals and their tools become more sophisticated. The pressure is mounting for even low-profile small and medium-sized businesses to improve their cybersecurity. Still, many lack the tools, resources, and knowledge to do so, and do not realise that the risks sometimes come from the least obvious places.

What Cybersecurity Threats Should SMEs Be Most Concerned About?

Cyber risks come in a variety of forms and from a range of different places, which is why cybersecurity can be such a difficult thing to get right, especially for small businesses with limited resources. So, while SMEs typically take precautions against the most publicised threats – phishing, malware, ransomware, spoofing, insider threats, and code injection – some areas are frequently overlooked. These include using unsecured networks for hybrid and home workers, bring-your-own-device (BYOD) policies, and third-party legacy access to external SaaS platforms.

While completely separate from a business’ integral internal systems, SaaS and social media platforms still hold considerable potential for cybercrime, from reputational damage to espionage. In 2023, 86% of web application attacks arose from compromised login details and poor password protection. Yet with external platforms, access management often receives little attention, which intensifies the risk.

What Is The Problem With Legacy Access?

A wide variety of specialist skills are outsourced by businesses – marketing, social media, IT management, customer service, administrative tasks – and most of these areas require third parties to be given access permissions to your SaaS accounts. The difficulty is that although your in-house systems will be closely monitored, and access rescinded soon after an employee leaves a business or an agency relationship runs its course, with external channels such as SaaS, advertising, and social media platforms, it is far more complicated.

This problem is amplified by the fact that most social channels compel users to use their personal profiles to access ad accounts and pages rather than IT-controlled systems and password vaults, making it incredibly difficult for businesses to monitor and control access. This can cause a number of important issues.

The Risks Associated With Legacy Account Access

When most people change jobs, they do so without malice. They may later joke about still having access to X, Y, and Z accounts, but the likelihood of them actually doing anything with that access is slim. The problem is that while it is slim, it’s not non-existent. Your business could easily become collateral damage for employees who leave with an axe to grind – a recent study found that 85% of recently laid off employees had tried to sabotage their employer. Accounts can be sabotaged through the blocking of genuine users. Espionage and data theft are easy. And where ad accounts are accessible, funds can be misappropriated swiftly, with advertising budgets being drained and put to use elsewhere. There is also the very real risk of reputational damage, as we’ve seen with Burger King, Twitter, and several other high-profile cases in the last few years.

Is It Possible For SMEs To Mitigate These Risks?

Cybersecurity threats are increasing almost daily, and with AI, criminals are better equipped than ever to access data, accounts and funds. But there are things that businesses can do to lessen the threat.

Training – Employee mistakes cause 88% of data breach incidents. Training your team members to recognise potential threats, what to do when they are detected, and how to behave to minimise them can significantly cut the risk.

Secure networks – Strong network security is your first defence against hackers and other cybercriminals. But this has to extend to all points of access, including BYOD and homeworking. So, think about firewalls, intrusion detection systems, encryption, access controls, and user authentication.

Multi-factor authentication – Multi-factor authentication can limit the threat associated with password theft and loss. It means that even if one password is compromised, at least one other layer still stands between an attacker and the account.

Controlled access permissions – There are many reasons why marketing channel access permissions are often overlooked: they are difficult to manage, there are so many accounts involved, and they’re often not seen as a vulnerability or as possessing much value. But if you work with a platform that gives users a single point of access to all of your external and SaaS platforms and gives managers a clear overview of all of your access permissions, you can simplify management and enhance security at the same time.

Cybersecurity raises many problems for businesses of all sizes. There’s the pressure to initiate infallible systems, the potential damage that can be inflicted, and the question of accountability. But for small and medium-sized businesses, the primary focus right now has to be on prevention. So, how sure are you that your business is doing everything possible to stay cyber secure?


About the Author:

Justin Jon Thorne is co-founder of Hydra, an innovative SaaS platform providing agencies, brands and digital teams effortless monitoring and management of access to external channels. It provides a single access point to, and a complete overview of all access permissions across, the major social channels, analytics platforms, and ad accounts including Google, Meta and LinkedIn, enabling complete monitoring of contemporary and legacy access.