By Chris Bucolo
You'd be forgiven for thinking that most cybercrime happens to big organizations. That's because you rarely see SMBs making headlines when they become victims, compared to their larger counterparts. Admittedly, larger organizations hold more varied data, and more of it, and in turn may seem more attractive to fraudsters. However, your local independent e-commerce company will still house valuable customer data and is certainly not safe from a cyberattack. In fact, a study from Verizon highlighted that 43 percent of all cyberattacks are directed at SMBs.
There are myriad reasons for this, one of which is that SMBs don't always have the capital and informational resources to invest in stringent proactive security measures. Criminals know this, which makes SMBs easy prey. Another is sometimes a lack of education: not fully understanding the ways that cyber criminals can attack the business, or why they would even do so.
The best method for SMBs to feel secure with the tools they have in place is to ensure that they meet compliance standards, which can be achieved through good security practices. But a lack of understanding and no access to the correct tools can make achieving this much harder than it needs to be. And failing to meet that compliance could carry dire consequences.
The biggest impact that a cyberattack will have on an SMB is an economic one. Cyberattacks are costly for a multitude of reasons. There is the cost of potentially paying a ransomware demand. There is the amount of money required to fix the security issue that caused the attack. And there are the fines a company faces for failing to comply with regulations such as GDPR. These all add up, making any kind of hacking attack a costly endeavor for the victim. For many SMB owners, a particularly aggressive attack can mean the end for their business.
It's a sad fact, but it has been found that some 60 percent of SMBs that are hacked go out of business within six months of the attack. Despite the shocking stats, a Bullguard SMB Survey from 2020 found that 43 percent of SMBs still have no cybersecurity tools in place, while 32 percent rely on free tools that aren't up to industry standards. It's clear they need support, and this is where their acquirers and payments industry partners need to step up and lend a hand.
Experts say the channel is only as strong as its weakest link. All businesses that work collaboratively, no matter the relationship, should be supporting one another to ensure the best security practices are in place and compliance is being met. For SMBs, that means relying on the support of their big partners, which in the payments space often means the acquirers and ISOs. These entities have a responsibility to lend a hand to their merchants and help them achieve compliance, and there are a number of ways this can be accomplished.
The first step is to supply merchants with the white-labelled security tools and compliance management software they need in order to remain compliant with the latest security standards such as Payment Card Industry (PCI) standards. These online security solutions provide the bare minimum for compliance, and for a new SMB that doesn't have experience in cyber risk, it's best to keep it simple from the start.
Engaging with SMB customers is also vital. Acquirers can help educate SMBs on best practices, teaching not just a dedicated security team (if they are fortunate to have one) but all staff, to empower them to identify when an action on the network might be presenting risk.
Lastly, good post-breach planning can minimize losses for SMBs. According to the Chubb Cyber Index, it costs an average of $400,000 to recover from a cyber incident, which is no small sum. However, this is an average and can be reduced with adequate preparation – such as implementing an incident response plan, introducing a wide range of cyber security tools (for example, good antivirus software and password management tools), and purchasing a comprehensive cyber insurance policy.
When it comes to supporting their SMB customers' security compliance, the best return on the acquirer's investment is to introduce a managed service solution. This way, the merchant doesn't even need to worry about the day-to-day security controls and assessment; all the tasks associated with security and compliance can instead be left up to professionals who can put 100 percent of their attention on ensuring that compliance is met. The organization will receive full visibility of its compliance status, and if its team has any questions or concerns, they can quickly be raised with the experts, putting any doubts and fears to rest. It takes the difficulty away from the SMB, so that they can focus on growing their business.
It is vital that SMBs keep themselves protected from cyberattacks, because any single, successful attack could be a death sentence for the organization. In the same way most people wouldn't ignore practices that protect their own life, acquirers should remind merchant customers to protect their business and customers. Thankfully, there are many tools out there that can protect businesses from the threat of cybercrime; it's just about getting these tools into the hands of those who need them. As the more experienced partner, it's up to the acquirer or ISO to keep their SMB merchants safe so that they can grow into the success stories they want to become.
Chris Bucolo is senior vice president of market strategy at Sysnet. Follow him on Twitter at @ChrisBucolo1.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.