Intelliworx MD on Why SME's Need to Evaluate Their Security

Share
For SMEs, the time to act is now—because cybercriminals certainly aren’t waiting. PICTURE: Getty
Intelliworx Managing Director Shane Maher explains how SMEs are being shown to underestimate their need for cybersecurity, often to disastrous effects

In an era where businesses are increasingly targeted by cybercriminals, small and medium-sized enterprises (SMEs) often find themselves in a precarious position.

 While these organisations may not operate on the same scale as multinational corporations, their possession of sensitive client information, financial data, and intellectual property makes them prime targets for cyberattacks. 

However, many SMEs underestimate the level of threat they face, leaving them vulnerable to breaches that could potentially spell the end of their operations.

From one-person law firms to burgeoning tech start-ups, SMEs are repositories of valuable data. 

To delve deeper into the risks SMEs face and the steps they can take to bolster their defences, we spoke with Shane Maher, Managing Director of Intelliworx about the misconceptions, vulnerabilities, and solutions in the realm of SME cybersecurity.

Shane Maher, Managing Director of Intelliworx

Misconceptions holding SMEs back

A common refrain from small businesses is, “We’re too small for hackers to care about us.” 

Shane notes that this belief is not only misguided but also dangerous. “In fact, for areas like financial services, law firms, or innovative sectors like technology and life sciences, the smaller the business, the more attractive they are for cybercriminals—precisely because they’re less likely to have any type of cybersecurity measures in place,” he explains.

This misconception is compounded by a reliance on minimal security measures, such as antivirus software. “While useful, antivirus software is not sufficient on its own,” Shane emphasises. 

Effective cybersecurity requires multiple layers of protection, including firewalls, secure configurations, and regular employee training.

Perhaps one of the most damaging misconceptions is that cybersecurity is solely the responsibility of the IT department. 

Shane advocates for a cultural shift within organisations, stating, “Regular training and awareness programs can help create a security-conscious culture within any organisation.” 

This approach ensures that all employees are vigilant, as cyberattacks often exploit basic vulnerabilities, such as weak passwords.

Why SMEs are high-value targets

One of the primary reasons SMEs are so appealing to cybercriminals is their perceived lack of defences. 

Shane explains, “Cybercriminals often look for the path of least resistance. Attacking a small business with weak cybersecurity is easier and less risky than targeting a larger enterprise with robust measures.”

Moreover, the data held by SMEs—customer information, financial records, and intellectual property—is just as valuable as that of larger companies. In some cases, SMEs may even serve as entry points to larger supply chains. 

“Gaining unauthorised access to such businesses could be attractive for cybercriminals when it comes to ransomware and other extortion methods,” Shane adds.

The impact of a successful cyberattack on an SME can be catastrophic, potentially leading to significant financial losses, reputational damage, and even business closure.

Practical steps to strengthen cybersecurity

For SMEs looking to enhance their cybersecurity posture, there are relatively simple and cost-effective measures they can implement. 

“Having email security in place, applying multi-factor authentication, and conducting regular data backups can go a long way in protecting sensitive data,” Shane advises.

He also highlights the benefits of collaborating with external cybersecurity vendors. “Most SMEs don’t have a dedicated team or even a person focused on cybersecurity. By choosing the right vendor, SMEs can leverage expertise and 24/7 support cost-effectively.” 

While an internal team may provide better visibility into operations, external vendors bring the specialised knowledge needed to address evolving threats.

Employee training is another critical component. Shane stresses, “Educating employees about potential threats and best practices can significantly reduce the likelihood of successful cyberattacks.”

 Such training programs help build awareness and ensure that employees adhere to established protocols, creating a stronger line of defence against potential threats.

A call to action for SMEs

As Shane rightly points out, cybersecurity is not just an IT issue; it is a business imperative. 

By addressing common misconceptions, recognising their vulnerabilities, and adopting practical measures, SMEs can significantly enhance their resilience against cyber threats. 

In doing so, they protect not only their operations but also the sensitive data entrusted to them by clients and partners. 

For SMEs, the time to act is now—because cybercriminals certainly aren’t waiting.


Explore the latest edition of Cyber Magazine  and be part of the conversation at our global conference series, Tech & AI LIVE and Cyber LIVE.

Discover all our upcoming events and secure your tickets today. 


Cyber Magazine is a BizClik brand

Share

Featured Articles

Resilience: Firms Fail to Grasp Cyber Financial Impact

Resilience and YouGov survey reveals 74% of mid to large UK businesses face cybercrime, while ransomware understanding lags behind data breach concerns

SonicWall and CrowdStrike Unite for SMB Security Service

SonicWall partners with endpoint protection specialist CrowdStrike to offer managed detection and response capabilities through managed service providers

FS-ISAC CISO Talks Cyber Strategies for Financial Providers

FS-ISAC CISO JD Denning explains the cyber strategies financial providers need to adopt in order to stay afloat in the wave of cyber attacks

Darktrace Reports 692% Surge in Black Friday Cyber Scams

Cyber Security

KnowBe4 Launches AI Agents to Counter Phishing Threats

Technology & AI

Gen Reports 614% Rise in Command Prompt Manipulation Scams

Cyber Security