Cyber crime isn’t just a scene in your favourite spy movie, it’s a full-blown crisis that threatens even the smallest of businesses. Ranked 4th in the top five global risks over the next two years by the World Economic Forum, cyber attacks have the power to steal identities, cripple businesses and destabilise economies. To make matters worse (for you), cyber security threats have intensified as the world continues to evolve and make various technological advancements.
Yes, many companies have invested in various cyber preparedness strategies, but for the most part, none of these initiatives are as mature or robust as they should be. From insufficient budgets and limited support from management to solely relying on Microsoft 365 security solutions, there are large gaps in many businesses’ defensive measures. It may come as no surprise, but your people are the biggest cyber security gap.
No matter the size of the business, your people are your biggest risk. We cyber criminals prey on the two things that lie outside of cyber security’s control: human risk and collaboration tools.
Of all the cyber security gaps, human risk is by far the biggest. According to Mimecast’s State of Email and Collaboration Security (SOECS) 2024 report, more than two-thirds of their respondents believed that employees are putting their organisations at risk through misusing their email, oversharing company information on social media and browsing the web carelessly. Before you start looking around for who to fire, you should
Human error largely comes down to whether employees are able to recognise and respond to cyber threats, and whether security protocols for remote workers are strictly enforced. So, we heavily rely on your lack of cyber threat awareness and training to unintentionally give us the keys to your precious data.
The rise in hybrid and remote work further expanded the attack surface and significantly increased the prevalence of cyber threats. Given that collaboration lies at the heart of the world of modern work, people, communication, and data are our main points of entry into your business. Now, what’s the first thing you think about when it comes to how an organisation communicates? That’s right, email – which is why it remains the number one attack vector for cyber criminals. This brings me to my bread and butter: phishing.
Most of my gigs have been in what you call ‘the terrible trio’ or ‘the three horsemen’: phishing, ransomware, and spoofing. Let’s break these down a little:
The bottom line is that cyber criminals are after your data because we know that most of you will go to great lengths – like paying us a pretty penny – to get it back. Through the masterful art of coding and deception, we have the power to eat up all your profits, damage your reputation and cause a legal tsunami by sharing personal information. Think catfish but with much more devastating consequences – the worst of which are experienced by small and medium-sized businesses (SMBs).
You may be wondering why I’d target multiple SMBs instead of larger enterprises because that’s where the money lies, right? Wrong. SMBs are prime targets because:
This is why in my line of business, it makes much more sense to attack hundreds of small businesses – seriously, even one-woman shows – instead of targeting the Fortune 500s that each have dozens of IT professionals (and lawyers) that could easily stop me dead in my tracks.
Speaking of which – and I really shouldn’t be telling you this – your SMB should be investing in cyber preparedness. With an emphasis on people, processes and technology, investing in cyber preparedness significantly reduces cyber risk.
Here are a few things that you should be thinking about when looking to protect your people, processes and profits:
Whatever cyber security support you choose to incorporate into your cyber investment strategy, cyber security training – like phishing simulation tests and awareness training – needs to be at the top of the list. It’s important to remember that cyber security training is an ongoing investment and needs to be prioritised across every facet of your business. For example, Babble has mandatory monthly cyber security training sessions through their partner Mimecast.
Tip: Test each person’s proficiency in cyber security and then create varying levels of intervention and training based on how much – or little – they know.
While Microsoft 365 has robust security measures, cyber threats are evolving at lightning speed, so you need more than one security solution to stay ahead. Businesses must adopt a dynamic, Zero Trust approach to thrive in this high-stakes environment. I get it, budgets are tight, but trust me, when it comes to cyber threats, you want to be as protected as possible.
Another integral part of your cyber security strategy should be Domain-based Message Authentication, Reporting and Conformance (DMARC). Put simply, DMARC is a digital fingerprint for emails. It verifies that an email truly comes from the claimed sender and not a crafty imposter like me. This powerful tool prevents me and my fellow phishers and fraudsters from spoofing your email domains, further providing the small business technology support you need. However, you should be warned: implementing DMARC can be gruelling and time-consuming – but it’s worth the effort.
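To make the "digital fingerprint" idea concrete, here is a simplified version of the check DMARC asks a receiving mail server to make, added as an illustration (it is not Babble's or Mimecast's code). The function names, sample records and domains are constructed, and the two-label organisational-domain shortcut is an assumption that real implementations replace with the Public Suffix List.

```python
# Added example: simplified DMARC evaluation, not a full RFC 7489 implementation.
# It ignores pct, sp and reporting, and assumes the record was published for
# the From domain itself.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None

def org_domain(domain):
    # Assumption: the organisational domain is the last two labels. Production
    # code must use the Public Suffix List (this shortcut is wrong for .co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed ('r') compares org domains."""
    if auth_domain is None:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def evaluate(record_txt, from_domain, spf_pass_domain=None, dkim_pass_domain=None):
    """Return 'pass', the published policy to apply, or 'no-policy'.

    spf_pass_domain / dkim_pass_domain are the domains that already passed
    SPF and DKIM (None if that check failed or was absent).
    """
    tags = parse_dmarc(record_txt)
    if tags is None or "p" not in tags:
        return "no-policy"
    if aligned(spf_pass_domain, from_domain, tags.get("aspf", "r")) or \
       aligned(dkim_pass_domain, from_domain, tags.get("adkim", "r")):
        return "pass"
    return tags["p"].lower()

# Constructed sample records and domains.
ENFORCING = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com"
MONITORING = "v=DMARC1; p=none"
```

A record left at `p=none`, like `MONITORING` here, asks receivers to take no action on unaligned mail, so spoofed messages are not blocked until the policy is raised to `quarantine` or `reject`.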
In my experience, where today’s cyber preparedness strategies fall short is in how they are implemented. Leadership tends to endorse various security initiatives but fails to allocate the necessary resources to see these strategies through. It’s crucial to treat cyber preparedness as a living thing that constantly needs to be fed and cared for – not a one-time quick fix.
But remember, knowledge is power. By understanding our tactics, you can fortify your defences. While IT solutions for businesses come in many shapes and sizes, you should invest in robust security measures and prioritise employee training. Above all else, stay vigilant: cyber preparedness may lower cyber risk, but it does not come close to eliminating it – we’re here to stay. The battle against cyber crime is an ongoing one, but with the right strategies, you can significantly lower your risk and gain peace of mind.