The SME guide to cybersecurity

Cybersecurity practices for small and medium enterprises

Cybersecurity may seem daunting for SMEs but there are several programmes to make such measures more easily implementable and affordable (Image: Canva)

The Covid-19 pandemic saw unprecedented digitalisation for small and medium enterprises (SMEs). While this saw SMEs enjoying perks like improved efficiency, greater customer reach or even simpler bookkeeping, the risks of going digital cannot be understated.

Common cybersecurity risks for SMEs

From phishing scams to ransomware, SMEs are particularly vulnerable to cyber threats. In 2022 alone, over 130 ransomware cases were reported, with SMEs in the manufacturing and retail sectors being most affected - as found in the Singapore Cyber Landscape 2022.

Their vulnerability arises as a result of two factors: first, many of these businesses may hold valuable data as well as Intellectual Property, which threat actors may seek to extort for financial gains; next, SMEs often lack the manpower, resource, budget or even knowledge of cybersecurity. It is therefore important for businesses to put in place cybersecurity measures to protect their systems and data so that their operations and reputation will not affected by cyber attacks.

It is with these challenges in mind that the Cyber Security Agency of Singapore (CSA) introduced an array of resources and cybersecurity best practices to help SMEs out in their cybersecurity journey – from toolkits to get SMEs started on training their staff to labelling schemes that help consumers choose cyber secure products.

For the beginners: Cybersecurity Toolkits

CSA Cybersecurity toolkit for SME owners

The Cybersecurity Toolkit for SME owners acts as a guide to inform SME owners on the steps to take to improve their cyber hygiene (Image: Cyber Security Association of Singapore)

Not sure of where to start? CSA has created comprehensive toolkits that take SME owners and their employees through the fundamentals.

The Cybersecurity Toolkit for SME owners covers key topics like cybersecurity leadership, educating employees, protecting information assets such as hardware, software and data assets, securing access as well as building cyber resilience. It comprises actionable advice for SME owners to improve their cybersecurity posture as well as guiding statements and questions to help them understand the best practices in cybersecurity.

There’s even a toolkit dedicated specially for employees to raise their cyber awareness. After all, human error accounts for about 85 per cent of data breaches. The Cybersecurity Toolkit for Employees therefore delves into the measures staff can take to protect themselves and their organisation against cyber threats. This includes education on phishing, how to set strong passphrases, how to handle and disclose important data, and even covers remote work.

First steps: Cybersecurity Health Plan

Analysing cybersecurity data for cyber hygiene

Much like how people need to maintain good hygiene habits, the same applies for cyber hygiene. CSA’s Cybersecurity Health Plan equips SMEs with the knowledge they need to do so (Image: Canva)

With the Cybersecurity Health Plan, cybersecurity consultants onboarded by CSA will take on the role of Chief Information Security Officers (CISO) to help SMEs in their cybersecurity journey.

These CISO consultants will help SMEs who may not otherwise have the knowledge or IT personnel to develop a cybersecurity health plan. They will be equipped with an understanding of their cybersecurity needs and current cybersecurity posture, as well as receive recommendations that will help them take the next step in their journey.

Bearing in mind the limited funding that SMEs may have to dedicate to such cybersecurity consultants, eligible SMEs can also attain up to 70 per cent co-funding support when signing up for the CISO-as-a-Service initiative.

The ultimate goal is to help SMEs achieve a base level of cybersecurity, which sets them up to attain CSA’s Cyber Essentials mark.

Completing the fundamentals: The Cyber Essentials mark

Cyber essentials mark infographic

The Cyber Essentials mark guides SME owners on prioritising the cyber measures needed to protect their organisation from the most common cyber attacks (Image: Cyber Security Association of Singapore)

Attaining the Cyber Essentials mark is a good milestone to aim for. Designed for SMEs which have limited IT and/or cybersecurity expertise and resources, the mark serves as a certification to recognise that organisations have put in place good cyber hygiene measures. It also helps these SMEs prioritise the measures most vital to safeguard their systems and operations from common cyber threats.

To achieve the mark, organisations will first need to introduce measures across five different categories: protection for their assets; secure access and protection against malicious software; prompt software updates; backing up of essential data; as well as having an incident response plan.

Pre-approved cybersecurity solutions for PSG

Business owners can obtain the Productivity Solutions Grant for select pre-approved cybersecurity solutions

SMEs looking to attain the Cyber Essentials mark can consider looking into pre-approved cyber solutions under the SMEs Go Digital programme. Under this programme, CSA has worked with the Infocomm Media Development Authority and Enterprise Singapore to curate a list of pre-approved cybersecurity solutions that are market-proven, cost-effective and provided by reliable vendors.

Those who wish to adopt these solutions can also get funding support through the Productivity Solutions Grant for Endpoint Protection, Managed Detection and Response, and Unified Threat Management solutions.

This article is accurate as at 28 Aug 2023