How to protect your business from cyberattacks

Small and medium-sized enterprises (SMEs) in Singapore have faced many challenges stemming from COVID-19. The pandemic has impacted people’s health, reduced economic activity – in some sectors, to almost zero – and provided a smokescreen to conceal some types of criminal activity, especially online. This uptick in cyberattacks coincides with a new urgency to digitalise. With many customers confined to their homes and social-distancing measures prohibiting crowded dining areas, a surge in restaurants and hawkers have joined food-delivery platforms¹. Likewise, there was a rapid increase in online sales of groceries² and other types of e-commerce.

To help businesses with their digitalisation efforts, the Singapore government has created a number of programmes, including the IMDA’s “Stay Healthy, Go Digital” campaign – which encourages digitalisation during the pandemic – and the extension of the Productivity Solutions Grant under the “SMEs Go Digital” programme until March 2022.

Cyberattacks are a common business issue

According to the Cyber Security Agency of Singapore (CSA), a total of 9,430 cybercrime cases were reported in 2019, representing more than a quarter of all crime in Singapore³. This was further amplified by the pandemic - criminal online activity increased⁴, with 93% of Singaporean organisations seeing an increase in cyberattacks⁵. Small businesses are especially vulnerable: according to the CSA, almost 40% of cyberattacks target SMEs⁶.

In order to reduce their risk, cybersecurity is an area where companies need to be proactive. However, it is one of the tallest hurdles for SMEs to overcome in their race to adopt digital technologies⁷. According to our SME Outlook Study 2021, cybersecurity is the second biggest worry that companies have about digital transformation, second only to the cost of implementation.

While SMEs need to digitalise in order to keep up with their customers’ expectations and reap the benefits of improved efficiency, they need to do it securely. This means thinking about cybersecurity from the outset.

Develop a cybersecurity strategy

A good starting point is to identify the critical assets – those that are proposed as well as those that already exist. If a business is engaged in e-commerce, its website and inventory system are both critical, as the company cannot trade without them. Critical assets could also include human resource information and intellectual property.

The next step should be to identify the possible threats to each of these critical assets. A good starting point would be understanding common attacks and attack patterns. Attacks could come from unknown websites, unmonitored digital assets, malware, ransomware, phishing, and more. When making a strategy to protect essential assets, it’s important to remember that all the devices and networks that interact with the systems are as crucial as the software itself.

Once the assets and threats are identified, companies should devise a cybersecurity plan that covers planned and deployed security measures – including controls, training and defences – and the response process in the event of an incident.

People matter

Your employees should be an important part of your cybersecurity defences. It is helpful to give training and regular reminders of good practices – for example, showing how to recognise phishing emails, or stressing the importance of not sharing passwords – as well as demonstrating the steps to be taken in the event of a cyberattack.

Technical measures that may be deployed include the use of security software on all devices used to access company systems; commercial-grade email protection to block phishing or otherwise fraudulent messages; and two-factor authentication to avoid reliance on passwords.

Pick reliable partners and invest in insurance to mitigate cyber risk

Rather than over-complicating your cybersecurity strategy, choose market-tested solutions from reliable partners as they will simplify the process.