In 2012 we saw the number of targeted attacks aimed at businesses with fewer than 250 employees double, climbing to 36% of all targeted attacks by mid-year. It will be remembered as the year that hackers identified SMEs as stepping stones into larger, more lucrative targets.
So, what’s expected of SME information protection in 2013? While targeted attacks against SMEs will not let up, we’ll see SMEs fall victim to not only other cyber conflict but also of their own lack of preparation.
Here are the seven SME trends Symantec recommends you keep in mind to protect your vital business information:
1. Ransomware is the new Scareware
As fake antivirus begins to fade as a criminal enterprise, a new and harsher model will continue to emerge – ransomware.
Ramsomware goes beyond attempting to fool its victims; it intimidates and bullies them. With the evolution of online payment methods, cybercriminals can now use force instead of flim-flam to steal from the victim’s.
We can expect the extortion methods to get harsher and more destructive in 2013, where attackers will use more professional ransom screens, up the emotional stakes to motivate their victims and use methods that make it harder to recover from an infection.
2. Cyber conflict becomes the norm
In 2013 and beyond, conflicts between nations, organisations and individuals will play a key role in the cyber world. Espionage can be very successful and deniable when conducted online. Any nation-state not understanding this previously has been given many examples in the last two years.
Nations or organised groups of individuals will continue to use cyber tactics in an attempt to damage or destroy secure information or funds, of its targets. In 2013, we will see the cyber equivalent of saber rattling, where nation-states, organisations and even groups of individuals use cyber attacks to show their strength and “send a message.”
3. The 100% virtualised SME becomes more common
Organisations will evaluate and adopt multiple hypervisors into their virtualisation and computing environments, as the market share of hypervisor vendors will begin to balance out between the largest vendors. This will lead to more SMEs becoming 100% virtualised. As a result, these SMEs will see a positive effect to their disaster preparedness.
4. Madware adds to the insanity
Mobile adware, or ‘madware’, is a nuisance that disrupts user experience and can potentially expose location details, contact information and device identifiers to cybercriminals. Madware sneaks onto a user’s phone when they download an app.
In the past nine months, the number of apps including the most aggressive forms of madware has increased by 210%. Because location and device information can be legitimately collected by advertising networks, we expect increased use in madware as more and more companies seek to drive revenue growth through mobile ads.
5. Monetisation of social networks introduces new dangers
Just like consumers, SMEs place a high level of trust in social media, with 63% of SMEs now using social networks to market their goods and services, and engage with customers. As these networks start finding new ways to monetise their platforms by allowing members to buy and send real or digital gifts, the growing social spending trend also provides cybercriminals with new ways to lay the groundwork for attack.
Symantec anticipates an increase in malware attacks that steal payment credentials in social networks and trick users into providing payment details, and other personal and potentially valuable information, to fake social network clients – which may include fake gift notifications and emails requesting home addresses and other personal information.
While providing non-financial information might seem innocuous, cybercriminals sell and trade this information with one another to combine with information they already have about you, helping them create a profile of you they can use to gain access to your other accounts.
These new dangers in social networks only compound the problem for SMEs, 87% of which do not have formal written Internet security policy for employees. Despite the fact that social networks are an increasingly popular vector for phishing attacks, 70% of SMEs do not have policies for employee social media use. In 2013, lack of security policy and best practices, such as educating employees, will come back to bite SMEs.
6. As users shift to mobile and cloud, so will attackers
Attackers will go where users go, so it should come as no surprise that mobile platforms and cloud services will be high-risk targets for attacks and breaches in 2013. The rapid rise in malware on Android in 2012 confirms this.
As unmanaged mobile devices and BYOD at companies of all sizes continue to enter and exit corporate networks, they pick up data and this info tends to become stored in other clouds, increasing the opportunity and risk for breaches and targeted attacks on mobile device data.
In 2013, mobile technology will continue to advance and thereby create new opportunities for cybercriminals.
7. Cloud outages get worse before getting better
There will be a significant increase in cloud outages in 2013, resulting in millions of rands lost. Yet companies will continue to pour resources into cloud offerings. The need to manage and protect data SMEs put in the cloud will lead to more adoption of backup and disaster recovery appliances and cloud service providers will begin to innovate more secure and efficient recovery of data and applications.
Companies of all sizes will need to adopt these better cloud management tools to protect their data because cloud outage problems will get worse before they get better – infrastructures that have scaled quickly with hand-written code and that utilise inefficient shared resources will result in major outages and some black eyes for the cloud computing market.
Symantec believes 2013 promises to be an exciting year for SMEs, but still want to preach caution. Technology is advancing at a pace that does not necessarily allow business to keep up, and this allows cybercriminals to exploit various facets of the business’ online activity. Identifying and making use of a security partner that meets your requirements will go a long way in protecting your business and its employees in 2013 and beyond.
We believe 2013 promises to be an exciting year for SMEs. Beyond the challenges you’ll face protecting information, you’ll also see great opportunities to leverage new technologies for the benefit of your business. We offer the following e-ssential tips:
- Know what you need to protect: One data breach could mean financial ruin for an SME. Look at where your information is being stored and used, and protect those areas accordingly.
- Enforce strong password policies: Passwords with eight characters or more and use a combination of letters, numbers and symbols (eg, # $ % ! ?) will help protect your data.
- Map out a disaster preparedness plan today: Don’t wait until it’s too late. Identify your critical resources, use appropriate security and backup solutions to archive important files, and test frequently.
- Encrypt confidential information: Implement encryption technologies on desktops, laptops and removable media to protect your confidential information from unauthorised access, providing strong security for intellectual property, customer and partner data.
- Use a reliable security solution: Today’s solutions do more than just prevent viruses and spam; they scan files regularly for unusual changes in file size, programmes that match known malware, suspicious e-mail attachments and other warning signs. It’s the most important step to protect your information.
- Protect information completely: It’s more important than ever to back up your business information. Combine backup solutions with a robust security offering to protect your business from all forms of data loss.
- Stay up to date: A security solution is only as good as the frequency with which it is updated. New viruses, worms, Trojan horses and other malware are born daily, and variations of them can slip by software that is not current.
- Educate employees: Develop Internet security guidelines and educate employees about Internet safety, security and the latest threats, as well as what to do if they misplace information or suspect malware on their machine.
Look To The Future
By protecting your employees, their future and their income, you’re also protecting your business says Walter van der Merwe, CEO of Fedgroup Life.
It’s proven that staff members perform better when you show them how valued they are. But, investing in your staff members’ futures goes above and beyond the bottom line.
Staff members value recognition for the contributions they make to the business. However, this does not necessarily need to take the form of financial rewards or incentives. As an employer, you can demonstrate your employees’ value to the firm through appropriate insurance cover in the form of comprehensive employee benefits, which show that you’ve considered their long-term wellbeing and that of their family.
Of course, there is a financial commitment on the part of the employer to contribute towards insurance cover, but this goes towards the future prosperity of staff members, rather than an immediate financial benefit. Employee benefits offer security against the possibility that something detrimental will happen, and in instances where the benefit is needed, will have a lasting effect on their lives.
Ensuring that staff members have the financial means to get the best standard of medical care and treatment following injury or illness, will increase the likelihood that they will make a full recovery, and within a shorter period of time. This will enable them to possibly return to work sooner, with full capacity to continue contributing meaningfully to the business and adding value. In this way, employee benefits demonstrate to staff members that they are a significant and considered part of the business, not only at the present point in time, but also for the long term, and they also ensure a degree of business continuity — particularly key employees.
Loss of income
The biggest risk for every employee is a loss of income. Whether their incapacitation results from an injury or illness, an inability to generate an income to support their lifestyle and their family will severely impact an employee’s quality of life. This loss of financial security is therefore the most consequential risk that should be protected against through appropriate forms of insurance, such as lump sum or annuity income protection products.
Another pertinent risk that business owners should address is the need for adequate life cover. Should an employee, who is possibly the primary breadwinner of a family, pass away, their surviving dependents may be left destitute without their financial support. Employee benefits that include a life insurance component will ensure the financial wellbeing of family members left behind in the event of an employee’s untimely death.
Another important risk factor to consider is the threat of chronic or severe illness, and the high costs generally associated with treatment. As employees age they become more susceptible to various types of illnesses. In instances where they fall chronically ill, they require the financial means to cover their medical costs, and generally require time away from work to recover. This is why dread disease or critical illness cover is another vital component of a comprehensive employee benefits scheme.
Choosing the right provider
When structuring employee benefits there are certain principles that should be applied, regardless of the size of company, or the income of the staff and their socio-economic circumstances.
Foremost among these is the selection of an employee benefits provider, along with the appropriate products and the associated cost implications. This role is best fulfilled by qualified, experienced and independent financial advisors who can offer unbiased advice. These trained and certified experts are able to advise employers on how best to support their staff members through the implementation of suitable employee benefit schemes by recommending the most appropriate solution structure, based on factors such as the gender, age, role and income of employees, and their financial responsibilities. This information helps advisors to select the best mix of products that offer suitable cover to meet the unique needs of the employer and their employees, while also considering affordability.
From a personal perspective, every employee gets peace of mind knowing they are protected should they no longer be able to work, or get sick, and that there are financial provisions in place for their family should they pass away. While they contribute a small premium, they will receive an outsized financial benefit should they claim in comparison to the immediate cost.
As it relates to the business, providing comprehensive employee benefits positions the company as an employer of choice, because the organisation shows that it cares for its staff. It also demonstrates that the employer considers their staff to be valuable, which is a powerful means to attract and retain the best talent.
Protect the future
The human psyche is hardwired to choose instant gratification over receiving a potentially greater reward or benefit sometime in the future. People generally tend to discount the value of rewards they’ll receive in the distant future due to a disconnect between what the present self believes will benefit the future self. In this model there is an opportunity cost involved in relation to what someone could afford now by rather spending the insurance premium on items or services that satisfy their more immediate needs.
This is the fundamental reason why insurance is considered a grudge purchase. We ultimately pay a premium every month towards an intangible benefit that will only be realised if and when a claim is made. And, in the case of insurance, that benefit is only realised when something horrible happens — another reason people shy away from examining this basket of products.
The best way to combat this innate psychological reasoning is through continued education, which can help people understand the purpose and the prolific impact that insurance will have on their lives should they ever need to claim. This requires contextualising the possible implications for an individual five to ten years from now, illustrating in real-world terms how different their situation could be in a worst-case scenario, both with and without appropriate insurance. This is a stark but effective means to demonstrate the need for adequate cover.
How To Choose The Right Group Risk Cover For Your Business
Your clients and business partners are likely to be your main focus when you start out as an entrepreneur. But as your venture grows into a fully operative business of scale, your employees will matter just as much. That’s why it’s important to ensure you provide adequate employee benefits, and when it comes to group risk cover, it’s becoming increasingly important to find a solution that matches the needs of everyone in the business.
It’s no secret that the world of work, as we know it, is changing. In a 2017 employee benefits study, US insurer MetLife found that 58% of employees surveyed “want customised benefit options based on their personal information”. And according to the same study, 73% of employees believe their employer is responsible for employees’ health and financial wellbeing. And in spite of this expectation, modern employees are unlikely to stay with the same employers for very long, because technology continues to create new opportunities.
It is within this context that it’s important for you, the business owner, to make your business as attractive as possible by offering your employees benefits that truly match their needs. Start by thinking of yourself as a custodian of their financial security. And in terms of group risk cover, the financial security not only lies in the cover itself, but in offering benefits that add real value to your employees’ financial planning – especially when you consider that it is your employees who are contributing towards their cover.
Why do you need group risk cover for your business?
Employers buy group risk cover for the people in the company to cover their future pay cheques in case something happens where they can’t work before they retire.
But this, unfortunately, is not the case with traditional group risk products, which typically offer blunt amounts of cover that is equal to, for example, three years of pay cheques for everyone in the company – irrespective of how many pay cheques they have left before retirement. As a result of this approach, younger people in the company have less cover compared to what they need, relative to their older colleagues who have fewer pay cheques left
Traditional group risk products also offer very little flexibility, leaving employees with little, or no option to buy more cover above what employers secured. They also don’t offer a choice between lump-sum or recurring payouts when members claim, or always secure the ability to take their cover with them, should they decide to leave the company.
So how will you know you’ve selected the right cover?
Start by asking your financial adviser to look out for a product that works out how many pay cheques each employee needs to cover, and then gives every person in the company the same level of cover in proportion to the amount of pay cheques left until retirement. By following this approach, your employees’ cover will provide more people in the company with much more cover. There already are forward-thinking group risk cover providers in the market that manage to offer up to 50% more cover by following this approach.
Secondly, ask your financial adviser if your employees will be able to buy more cover over and above what you secured. There are innovative products on the market that offer up to double the cover free of underwriting, which enables your employees to benefit from the insurability you’re providing them, and to close gaps in their insurance.
And – in the spirit of the modern world of work with a more mobile workforce – these innovative products enable employees to take the cover with them when they decide to leave your company.
It’s also important to ask your financial adviser if your employees will be able to choose between a lump sum and recurring pay-outs when they claim. Traditional group risk policies tend to expect employers to make one choice between lump sum or recurring payouts on behalf of all of their employees when they take out the cover. Forward thinking cover providers have turned this approach on its head, offering employees the option to choose between recurring or lump sum payouts when they claim.
The importance of claims certaintly should never be understated, starting with obtaining a clear picture of the clinical conditions the group risk cover actually covers. There are new players in the market that provide extensive and transparent lists of clinical claims conditions for additional expense needs, covering more than 200 conditions.
And exactly how permanent does the insurer view a claim for a permanent condition? For example, if an employee is to be diagnosed with Stage 4 cancer, will he or she receive a 100% payout on diagnosis, without the prospect of ongoing reassessment? A needs-matched product offering would never require the reassessment of permanent expense needs claims.
In conclusion …
You wouldn’t expect your employees to work under dangerous conditions. So why would you select a group risk product that will not serve in their best interests when they need it most? That’s where needs-matched group risk cover comes to the rescue – not only for your employees, but also for your business by providing security and benefits offering real value in the modern world of work.
How to Take Risks That Win (Almost) Every Time
Knowing which risks to take, and how to take them, can be extremely helpful in stacking the odds in your favour.
Looking 13,000 feet down out of an airplane, parachute pack secured, your heart beating in your throat, must be one of the most terrifying experiences imaginable. Though not all risks are life-threatening, all risks are frightening. As humans, we’re constantly afraid of failure, of doing something wrong and of having to deal with the consequences. Yet, at the same time, there is nothing more rewarding than reaping the benefits of a risk gone right – of landing safely ground, to build the earlier metaphor.
For entrepreneurs, risk taking is a necessity of the job. After all, we’re never quite positive that things are going to work out the way we envision. We make choices daily which affect our business, and we can never be absolutely sure that we’re making the right ones.
Knowing which risks to take, and how to take them, can be extremely helpful in stacking the odds in your favour. While risks are unavoidable, approaching them strategically can be the best way to decrease your parachute’s chances of failing, so to speak, and to produce measurable results that you would never have achieved had you avoided the risk in the first place.
In order to hone your risk-taking skills, here are some guidelines:
1. Information is your friend
The more knowledge you have about any given topic, the less risky your endeavours will ultimately be. For example, many of the most steadily successful brokers on Wall Street are those who understand the patterns of the market better than anyone else. While there are always going to be those people who make millions off a risky uninformed bet, they are the same people who most likely will lose all their earnings on a single trade. Traders who build a sustainable career for themselves are the ones that have deep knowledge of the industry.
Similarly, you should be an expert in your field. You should know your industry well – your product or service you are providing. You should understand the buying patterns of consumers, their motivation and pain points. What drives them to buy your products? Where and when do they buy? What makes them stop buying?
As an entrepreneur – or in any profession that requires risks, really – you’ll want to have as much information as possible. The more you know, the fewer unknowns there are. The unknowns, ultimately, are what makes an action risky.
2. Assess the risk carefully
While risk is a reality of life, there is also something to be said for strong assessment skills. Being able to look at a risky situation and decide whether or not it’s worth taking is a hallmark of a good businessperson.
Venture capital investors, for example, spend their entire careers deciding which companies are worth risking time and money on. Those who throw their money around recklessly, while admirable for their risk-taking, are not necessarily the most successful investors.
Being a good risk-taker involves using the information you have to assess a situation and decide whether or not the risk is worth it.
3. Learn from failure
Appreciate that all risks are learning experiences. Especially those that don’t pan out.
On some accounts, failure is actually more valuable than success. While failures may not lead to an increase in your bottom line, you can use the opportunity to glean important information about what you’ve done wrong, where you misstepped and how you can move forward in the future.
The biggest mistake many people make is seeing failure as a measure of who they are, rather than a measure of where they can go. We’ve all heard that failure is feedback. Most successful entrepreneurs failed at many ventures before they created that million-dollar offering. Most overnight successes took many years to make. If you take a risk and fail, learn from it. Ask yourself what you can do differently next time, and then move on. The only failure is not learning the lesson that it provides and using it to hone your next endeavour.
According to Mark Zuckerberg, “The biggest risk is not taking any risk. In a world that’s changing really quickly, the only strategy that is guaranteed to fail is not taking risks.”
Taking risks is the only way to go from here to there. Even failed risks move you closer to your goals if you can turn that failure into valuable learning and a plan for improve your results next time.
This article was originally posted here on Entrepreneur.com.