Nearly Half of UK Retail SMBs Believe a Cyberattack Could Close Their Business
Meanwhile, retailers have the lowest number of cybersecurity experts
The latest news of attacks against POS systems should serve as a warning to retail SMBs who might consider their business too small to be a target. Despite holding a large amount of valuable data – such as payment details – this sector has the lowest number of cybersecurity experts. This is according to Webroot, who recently published a report on the impact of cybersecurity on SMBs.
For retail SMBs to protect themselves against such attacks, they must first understand the consequences of not doing so and become educated on effective protocols to deal with such threats. Webroot’s report, titled “Size Does Matter,” details the challenging climate for UK SMBs in a time of rapid political, economic and social change.
Highlights from Webroot’s SMB research:
• 46% say a data breach would put their business at risk of closure
• 59% say profits would take a hit as a result of cybersecurity incidents
• 64% say that stressed workers put their business at more risk
• 69% believe their business is at risk due to employees’ lack of security knowledge
• Yet, 64% believe their small size helps them react quicker to industry or political change, creating an opportunity for SMBs to lead the market
In addition to the report, Webroot created a list of cybersecurity tips for retail SMBs, designed to reduce risk and increase compliance in a post-GDPR world:
• Always educate. Security awareness training can’t be a tick-box activity for SMBs. It needs to be continual so cybersecurity stays top-of-mind and user error is minimised.
• Take a layered approach. SMBs need to leverage both next-generation endpoint protection and network protection to ensure they are covering the gaps that cybercriminals and hackers exploit to compromise businesses.
• Know the signs. Phishing is a favourite technique amongst attackers. Make sure employees are confident in identifying the different types of attack. Security awareness training that incorporates phishing simulations ensures that people, processes, and technology are all harnessed effectively together to stop cybercriminals.
• Assess your risk profile. Every business has different risk factors. If you don’t have the expertise, get an independent security audit or ask your MSP to help assess your security posture. Work to develop a plan for adequate ongoing risk mitigation. Look at your GDPR exposure and follow guidelines to ensure the appropriate mitigation criteria are met.
• Plan for the worst. Create a data breach response plan that identifies specific security experts to call and a communications response plan to notify customers, staff and the public. Have a backup and recovery strategy.
Attacks against POS systems can severely disrupt retail SMBs to the point of bankruptcy. To avoid calamitous outcomes, protection must be put in place, both online and in the form of employee training to increase awareness of attacks such as phishing. This approach reduces the risk of a successful cyberattack, ultimately protecting retailers and their customers’ valuable assets.