While the steady push towards digital transformation has helped small and medium-sized businesses boost productivity and growth, it has also seen an increase in exposure to cybersecurity risks. SMBs tend to face bigger risks with cybersecurity than large established enterprises since they may not have the resources for advanced protection, or dedicated IT teams specifically for protection against attacks.

According to the Singapore Cyber Landscape 2021 publication from the Cyber Security Agency (CSA) of Singapore, the number of ransomware cases rose to 137 in 2021, a sharp increase of 54% from 89 cases in 2020. SMBs bore the brunt of these attacks, especially those from sectors as manufacturing and IT. The number of phishing URLs observed by the CSA also increased 17% compared to 2020.

These numbers clearly suggest that the time for SMBs to act is now, if they want to avoid a potential breach in the future. To help SMBs with limited IT and cybersecurity expertise, CSA developed the Cyber Essentials mark.

The Cyber Essentials mark

The Cyber Essentials mark is a cybersecurity certification given to organisations as a recognition of the fact that they have put in place good cyber hygiene practices to protect their operations and customers against common cyberattacks.

While it covers certain fundamental measures, it can also be tailored to individual business needs and simplifies cybersecurity by prioritising those which need to be focused on first. The five measures included in the certification are:

• Protecting hardware, software and data assets while also equipping employees to act as a first line of defence
• Defending against malware and securing access to sensitive data
• Making sure software and systems are updated regularly
• Backing up essential data and storing them offline
• Detecting and responding to cyber incidents

4 tips for SMBs to achieve the Cyber Essentials mark

It is up to each business to take the necessary steps to meet each of the measures recommended in the Cyber Essentials mark. Here are some tips:

1.   Train your employees to be the first line of defence

A common saying in cybersecurity is that humans are the weakest link in . What this means is that you could have all the latest cybersecurity protection software but if even one person within your team makes an error, it can compromise the entire network. Your employees should therefore be given the necessary training on the latest cybersecurity threats and best practices.

This could be in the form of dedicated training through programmes such as Singtel Cybersecurity Awareness Education which offers micro-learning videos on best cybersecurity practices.

Employees can access an entire library of information that teaches them to be vigilant against phishing, malware and social engineering threats in today’s evolving cyber landscape. Additionally, administrators can also add a phishing simulation plugin, which can improve employees' responses by making them apply the lessons in an almost-real setting.

2.   Protect against malicious software

Singtel's Business Protect Basic provides endpoint security to help you achieve end-to-end protection against advanced malware, malicious websites, email borne threats, and ransomware attacks. The Endpoint Security solution meanwhile protects endpoints, on or off the network, against the same types of attacks as well as advanced fileless threats, even adapting against new unknown variants.

For network security, there is also the Singtel Broadband Security, a fully managed, cloud-based service integrated with Singtel Business Broadband. Unified Threat Management is another Singtel offering that is fully managed, capable of automating threat management that can detect rogue devices and internal vulnerabilities.

These solutions are also eligible for grants under the SME Go Digital Programme or Productivity Solutions Grant, allowing SMBs enjoy either up to 6 months free subscription OR up to 70% funding support.

3.   Encourage Multi-Factor Authentication (MFA)

We live in a world where securing access to sensitive webpages and services requires much more than a strong password. Today, adopting additional forms of authentication is almost essential to be relatively certain of security.

Multi-factor authentication involves adding another layer of security which uses an additional piece of information to work in combination with a password to gain access to a system. This means using information from something you have or possess, such as a token, or something that is a part of your identity, such as a biometric fingerprint, voice or facial recognition to complement the information you know, which is the password or a PIN.

4.   Back up your essential data

Aside from any direct monetary damages through ransom or other means, cyber threats also harm business indirectly through server crashes and data loss. For example, an e-commerce store that is down even for a few minutes during a seasonal period could mean significant loss of revenue.

Meanwhile loss of sensitive customer data could result in fines and reputation damage. Thus, it is critical that businesses back up their sensitive data on a regular basis so that some of it can still be retrieved in the event of a breach.

Singtel Cloud Backup provides you with complete visibility through a single pane automatic backup and data protection across your business cloud applications and end points. This ensures minimal downtime and helps you keep the business running without interruptions. Now you can reduce unnecessary downtime, and keep your business running with an easy-to-use and efficient backup solution in place.

As an SMB owner, you will find digitalisation to be hugely beneficial for your productivity and growth. But you will also have to think about protecting your business from cyberthreats. Keep in mind the Cyber Essentials mark recommended by CSA Singapore and adopt the right solution from Singtel.