Lack of cybersecurity infrastructure and lack of employee awareness are among the main reasons
*By Denis Riviello
The small business owner who believes his company will not be targeted by hackers is wrong. After all, it is the large corporations that have a robust database, large sales and market weight, right? In truth no.
According to a study prepared by Sebrae and FGV, small businesses already represent 30% of the Gross Domestic Product of Brazil (GDP). Consequently, small and medium businesses have become the focus of cybercriminals, as they suffer from an absence of cybersecurity infrastructure and do not have secure environments, nor people trained/destined to take care of IT/Security properly.
The main attacks aimed at them are certainly ransomware – malicious code that makes data stored on a device inaccessible, usually using encryption – which, in most cases, are deployed through a phishing – social engineering technique used to trick users and obtain confidential information such as username, password and credit card details.
Often, attacks aimed at SMEs happen due to lack of an action plan or preparedness in case of a security incident, lack of a secure browsing environment for users, or, when present, it has very basic protections. Not making employees aware is a very common factor in these cases. They are favorite targets of cybercriminals because they are in constant use of the internet - even for personal use, such as on social networks -, making a very easy path for leaks and scams, leading to a financial loss, both for the company and for the customers.
In addition, companies lose competitive value compared to competitors, not to mention the negative image in the market, especially when closing deals. Hardly anyone will choose to have business relationships with a company that is not secure.
Therefore, training actions and awareness programs aimed at all sectors and areas of the company are extremely important within the corporate environment, focusing on how the internet should be used in each sector, and what is allowed or not. In addition to mapping all the data contained in the company's system and also defining the team responsible for taking care of the new cybersecurity area.
The more dependent on the virtual environment and technology the business is, the more important it is to keep data secure. Organizations that include this investment as a priority are already experiencing a positive impact on internal processes, with customers and also with suppliers.
*Denis Riviello, Head of Cybersecurity at Compugraf
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies
EN 
PT 
