- Cyberattacks against small businesses are on the rise - it is time to make cybersecurity a top priority
- Take stock of your assets and assess the threats to the business from cyberattacks
- Educate employees on the impact of cyber threats and instil best security practices
- Purchase cyber insurance as a last line of defence to mitigate cyber risk
The COVID-19 crisis, accompanied by the turbulent economic climate, has presented many challenges to SMEs which are having to find new ways to operate. To help businesses with their digitalisation efforts, the Singapore government has provided support to SMEs through initiatives such as the IMDA Stay Healthy, Go Digital campaign, and increasing the Productivity Solutions Grant (PSG) support for pre-approved solutions under the SMEs Go Digital Programme from a maximum of 70% to 80%.
Many SMEs are understandably now either more actively looking for or have started adopting cloud-based digital solutions. But it is worthwhile to note that while digital technologies present opportunities for businesses to grow, improve productivity, and lower costs, they can also be prone to higher cybersecurity risks as well.
According to the Cyber Security Agency of Singapore (CSA), a total of 6,179 cybercrime cases were reported in 2018, causing losses of around S$58 million1. Small businesses and large enterprises likewise, are vulnerable. According to the CSA, almost 40 per cent of cyberattacks target small and medium enterprises (SMEs)2.
So, how can you truly prepare your business against cyber incidents? Here is a three-point action plan to protect your business by mitigating the risks.
1. Devise a thorough cybersecurity plan
To ensure that your plan is thorough, here are some pointers to keep in mind when devising a cybersecurity plan.
a. Take stock
As assets are the backbone of your business, start by accounting for all your assets including systems and devices, network, software, and data, both stored and transmitted.
An important part of this process is about identifying the critical value of the assets. What this means is determining how important this asset is for your business. As an example, for an e-commerce firm, the critical assets are its website and inventory system. A critical asset could also include human resource information or intellectual property.
b. Assess threats and impact on the business if assets are breached and create a threat profile
Once you have identified critical assets, gauge your threat landscape by identifying the possible threats that may target the assets and the information they hold. A good starting point would be understanding common attacks and attack patterns. Attacks could come from unknown websites, unmonitored digital assets, malware, ransomware, phishing, and more.
Use the information garnered to create your threat profile, listing all critical assets, their vulnerabilities, the risk, and potential threats to each asset. A detailed threat profile is essential to assess what needs to be done to protect your critical assets and devise a cybersecurity plan.
c. Formulate a comprehensive plan and weave in security solutions
An effective plan sets out the approach to cybersecurity, planned and deployed security measures, and the response action and process in the event of an incident. Security measures include controls, training, and defences. In addition, it is essential to update the plan regularly to take into consideration any new threats and changes.
It is a good idea to rely on market-tested solutions from reliable partners. This makes putting security measures in place easier, faster and better. For example, there are tailored foundational digital solutions available in the areas of accounting, human resources, digital transactions, digital marketing, and cybersecurity for SMEs embarking on a digitalisation journey. One such service is the UOB Start Digital Programme that aims to help SMEs make the most of digital technologies while emphasising cybersecurity.
2. Cultivate a culture where cybersecurity is seen as a priority
Human errors play a big part in the attacks that lead to security breaches3. Your employees are your biggest assets and can become your biggest strength in maintaining security.
Educate your employees about the dangers, risks and , business impact that cyber attacks can cause; as well as the benefits of good security practices. This will help foster a culture where your employees are constantly mindful of the need for cybersecurity in the workplace and understand their role in ensuring security.
Strengthen this understanding with a carefully-developed and participative security training that imparts the knowledge necessary to detect warning signs, implement security measures, and respond in case of a threat.
Regularly communicate the importance of security measures, best practices and give your employees a collaborative, learning environment that recognises good security practices.
3. Invest in insurance to mitigate cyber risk
The cyber threat landscape is continuously evolving and the best way to stay ahead is by mitigating your risk exposure. After all, in situations of unavoidable security breaches, it is better to be safe than sorry.
Cyber insurance helps offset the financial risk in the event of a breach. It functions as your second line of defence against attacks. For SMEs looking to protect their business from cyber threats, UOB BizCare provides 10 types of covers, including cybersecurity. It covers the interruption of computer systems caused directly by a failure of computer security to prevent a security breach.
In conclusion, all businesses that use digital technologies and the internet are responsible for protecting their business, customers, and data from growing cyber threats.
Contact us today to find out how UOB BizCare can support your cybersecurity needs.
You may wish to seek advice from a qualified adviser before making a commitment to purchase the product. In the event that you choose not to seek advice from a qualified adviser, you should consider carefully whether this product is suitable for you. United Overseas Bank Limited ("UOB") does not hold itself out to be an insurer, insurance broker or insurance agent. The insurance products and services stated herein are provided by United Overseas Insurance ("UOI"). This advertisement has not been reviewed by the Monetary Authority of Singapore.
BizCare may only be purchased by selected customers of the Business Banking segment of UOB.
While all information provided herein is believed to be correct and reliable at the time of publishing or posting online or, where applicable, printing, UOB and UOI make no representation or warranty whether express or implied, and accept no responsibility or liability for its completeness and accuracy.