Three years ago, cybercrime was not a common threat for small and medium-sized businesses. However, since the start of the pandemic, the number of cyber attacks aimed at even the smallest of enterprises has shot up, as many companies have shifted their business online.
Owners and leaders of all kinds of SMEs are waking up to the fact that their business could also lie in the sights of cybercriminals and are taking steps to protect their systems from attack. Even simple and cost-free measures, like ensuring strong passwords or introducing two-factor authentication can turn a business from being easy pickings to just too difficult for online fraudsters to bother with.
While it’s positive that small business leaders increasingly understand the threat that such crimes present, it’s the ones that see cyber security as being more than a burden and really embrace it that will reap the benefits, says Lancaster University’s Professor Daniel Prince.
Dan Prince, who is Professor of Cyber Security at the University’s School of Computing and Communications says: “It can be tempting to view introducing cyber security measures as a mandatory task that needs to be ticked off so that you can get on with your core business. Many also take a view that any money spent on preventing a breach is no more than a simple overhead.
“But, let’s look at it another way.
“A company that cares about and protects its customers is one that customers will return to.
“And so, a company that cares for their personal or commercially sensitive information, or protects their systems from attack, is massively more attractive for customers to buy from and do business with.
“Suddenly, cyber security is less of a drag and more a real business benefit”, says Dan Prince who has worked with SMEs in Lancashire and beyond for many years to help them to understand cyber security innovation and what it means to them.
Make a change – then shout about it
This means that the task for business leaders is two-fold. First, they need to adopt not only the right practices but also introduce an overall culture that takes cybersecurity seriously.
Dan Prince continues: “Preventing a breach is about so much more than simply installing the latest software. No amount of technology can compensate if the members of your team don’t take cybersecurity seriously.
“Business owners and leaders should ask themselves whether they are supporting a culture where cyber security is prioritised: is it an open environment where people can speak up and challenge if they know that things aren’t being done the right way?”
With the right culture in place, businesses should leave customers and suppliers in no doubt about their commitment to cyber security by integrating it into their core marketing messages.
Professor Prince explains: “Think about Johnson & Johnson baby products. Their focus on caring and protecting is front and centre in their branding. This is a tactic to reassure consumers that they are a company to trust.
“Similarly, SMEs that have both good cyber security measures in place and a culture that takes the potential of a breach seriously, should market that as an asset. That’s when cyber security will truly shift from being a burden to an asset that offers a return on the time, effort and money invested in it.”
This post first appeared on Lancaster University Management School’s blog.