How can SMEs secure their business against cybercrime?

Posted by media on March 10, 2016 at 9:00 AM
Source: Statista. Timespan: 2001 - 2014

The digital transformation has levelled the playing field between SMEs and larger enterprises, giving the former a golden opportunity to narrow the gap and compete side-by-side with the heavy-hitters in their respective sectors.

However, this new arrangement is not quite as balanced with respect to cybercrime, which in reality is a far greater threat to SMEs than multinationals despite what many managers may think. The mistaken belief is that the smaller a company is, the less likely it is to experience some form of cyber attack. Rather the opposite is true: the smaller the business, particularly in terms of its access to resources, the greater the vulnerability.

Cybercrime: basic information for SMEs

This post is also available in Spanish.

According to a recent study by The Graham Company, cybersecurity is considered one of the biggest challenges facing SMEs today.

There is considerable evidence to suggest that small and medium-sized companies are at risk of a cyber attack:

  • A study by the National Cyber Security Alliance quoted by Victor Deutsch in a recent article (in Spanish) suggests that 1 in every 5 SMEs in the United States falls prey to a cybercrime every year, and that 60% of them collapse on average 6 months after an attack.
  • In Spain, the National Institute of Cybersecurity (INCIBE) has recorded that some 25% of Spanish SMEs have experienced some form of cyber attack and indicates that, according to Zeedsecurity, 70% of cyber attacks were aimed at companies with fewer than 100 employees.
  • In 2015, 38% more security incidents were detected than in 2014, according to The Global State of Information Security Survey 2016 prepared by PwC. It is clear that no business can consider itself to be “safe” from such a threat.

Irrespective of the statistics, any SME that does not consider cybersecurity a priority is facing an undeniable reality: cyber attacks have little to do with animosity toward a particular company, and much more to do with the opportunity offered by automated identification processes and mass vulnerabilities.

Or, put another way, crackers do not single out individual companies but rather search for loopholes and deficiencies in companies of any type, size or sector.

What is the difference between a hacker and a cracker?

The term “hacker” has not always had a negative connotation. Originally, it described a person with a background in technology and a desire to learn, naturally leading to the development of sophisticated technology-related skills.

The first "hackers" were members of the Massachusetts Institute of Technology (MIT) in the late 50s, where the word "hack" was used to describe elaborate jokes that students played on each other. Thus a "hack" was something witty, smart and original. The origins of the MIT "hacks" have been well documented here:

Due to widespread misinterpretation by the media, the word hacker is now associated with a cybercriminal. However, the technology community clearly distinguishes between a hacker - who actually is responsible for identifying security flaws to protect computer systems of companies - and a cracker - who takes advantage of security flaws to attack computer systems for their own benefit and/or desire to do harm.

Source: What are the main differences between hackers and crackers.


4 tips to ensure a secure SME

SMEs should take conscious steps to provide customers with the best possible digital security. This objective should also become a competitive advantage that differentiates their services from those of their competitors.

The following 4 recommendations can help any small and medium-sized enterprise firm up their cybersecurity:

1. Promoting digital hygiene

Promoting digital hygiene means implementing a number of good business practices, which, though obvious, are often neglected. A very standard piece of advice is to avoid using the same password for multiple email accounts or corporate platforms. It is a logical notion, but one that is often overlooked, as is the warning not to click on links in emails of dubious origin.

2. Generalizing password protection and encryption

SMEs should protect all devices with passwords and encryption, securing not only laptops and desktop computers but also mobile devices, as it is precisely these devices that are the preferred entry points for many crackers seeking to attack businesses.

3. Strengthen partnerships with security solutions providers

Cybersecurity providers should be more than mere suppliers. It is highly advantageous to enlist them as virtual strategic partners with some guaranteed temporal continuity. In other words, it is not enough to simply buy an antivirus license. What is needed is a full partnership with a security solutions supplier to ensure a steady level of security in an environment where cyber threats evolve at breakneck speed.

4. Pay special attention to the safety of solutions

Many SMEs are equipped today with software that facilitates the daily activities of many departments. The safety of these systems must be one of the main factors to consider before purchasing them, especially if their use involves transactions that include personal data.

Signaturit's eSignature security

As developers of electronic signature software, we are well aware that our solution is being used in an environment prone to cyber attacks and where a large amount of highly personal data is being used, including bank data or information related to customer health. Therefore, any request for the signing of documents and contracts must be carried out in a way that not only meets regulatory requirements to ensure legal validity, but also applies extremely sophisticated security measures that preserve the integrity and inviolability of the information at hand.

Signaturit protects the confidentiality of and access to signed documents that have been sent through our platform, while strictly adhering to the same safety standards that banks and government agencies work by. Our solution uses advanced encryption with 256-bit symmetric encryption keys and a multi-factor authentication process that minimizes the risk of any fraudulent activity.

To learn more about how our electronic signature solution works and its security features, please download the following whitepaper. You can also call us directly on +34 935 511 480.
