Understanding Security Vulnerabilities: A Guide for SMEs

Updated on 17 July 2014

Subscription Form (#66)
Reading Time: 2 minutes

SMEs need to protect themselves from these security vulnerabilities

Many small-to-medium enterprises (SMEs) underestimate the security dangers they face in today’s threat environment. Most of them have little training or understanding of laws governing how personally identifiable information should be encrypted, shared, or stored and lack policies ensuring their staff complies with those requirements.

If your security has not kept up with the latest cybercrime developments you could be facing avoidable risks without realising it. The explosive growth of malware is fueled by numerous factors – financial motivation, the availability of DIY virus modules, easier attack routes through social networks, and Bring Your Device (BYOD) devices in the workplace – all of which present exploitation possibilities.

“Attackers are using the viral aspect of social media to speed viruses around the globe more quickly than ever”

These same businesses often rely on single-layer security solutions, such as standalone antivirus software, which leave them open to attack if their defence is breached.

Hackers are more likely than ever to target SMEs, hoping their lack of preparation and limited security expertise will make it easy to penetrate their systems and those of their business partners. SME business owners should correct these vulnerabilities to keep themselves protected.

1.       Reliance on signature databases, not heuristics

A fundamental flaw is that many traditional antivirus products compare the files on a user’s system to only a limited library of known bad signatures, or look for only exact matches with such signatures.

Many that do not perform advanced heuristic analysis (examining the structure or behaviour of malicious code) have difficulty detecting malware that is released in many subtle variations or morphs every few hours to evade signature-based detection, a common practice for today’s developers.

2.    Only one line of defence against malware

Many SME security plans are comprised of only a single product, usually antivirus, and do not include an advanced firewall to block and flag suspicious network traffic or have separate protection for other endpoints such as emails and servers. Furthermore, for companies that allow employees to BYOD, these personal devices can be an attack route into the corporate network if users download malware disguised as legitimate applications, or fail to run antivirus software at all. Having the capability to lock down specific USB  ports is essential.

3.       Social media access at work leaves businesses vulnerable to viral malware

Attackers are using the viral aspect of social media (and the unsuspecting and trusting nature of many users) to speed viruses around the globe more quickly than ever. By convincing one user to share an infected file with their network (or simply crack the credentials for an account), attackers can exploit personal connections for profit.

Even if your security is only a few years old, you may be a target. Just because you’re a small business does not mean you can’t be ruined by hackers.  Protect your finances, your brand, your reputation, and your relationships with a security solution that protects you from today’s complex, fast-changing threats against SMEs.

Read Also: Cybersecurity Tips to Protect Your Small Business

Get Weekly 5-Minutes Business Advice

Subscribe to receive actionable business tips and resources.

Subscription Form (#66)

Feeling Stuck?