Until the coronavirus struck SMEs in the UK were more concerned about cyber attacks or malware infection than cash flow claims Sophos in its new report Securing Growth.
Almost half (45%) of SME decision-makers surveyed for the report cite cyber security as a concern, putting it ahead of staffing issues (40%), regulations (27%) and cashflow (32%) in the list of problems that need addressing.
The report highlights the security challenges faced by SMEs at different stages of their growth and development, with younger companies at risk due to their flexibility and pragmatism and older companies vulnerable due to bloat and lack of oversight.
For example, almost one third of SMEs that have been trading for more than 16 years did not know what cloud services were used by their company (31%) or what public file sharing applications employees used to share information externally (31%). In companies that had been trading for 1-5 years, these figures were 13% and 9% respectively.
Conversely, 59% of the youngest firms allow all employees to connect personal devices to the corporate network, with 44% allowing all contractors and third parties to connect to their network. In businesses that have been operating for 16 years or more, the respective figures are 33% and 6%.
Based on these findings, Sophos offers the following advice for IT security professionals:
*Check that you have a full inventory of all devices connected to your network and that any security software you use on them is up to date;
*Install the latest security updates on all devices and servers on your network as soon as they are released;
*Give different data access rights to different employees;
*Keep regular backups of your most important and current data on an offline storage device to avoid having to pay a ransom if affected by ransomware;
*Enable multi-factor authentication on any security dashboards or control panels used internally to prevent attackers disabling security products during an attack.