Yiting has worked closely with SMEs since 2017 and seen the rise and fall of many. At the heart of it, Yiting believes that SMEs should continuously evolve to keep up with emerging trends. As a Business Advisor at SME Centre @SMCCI, she encourages frequent risk assessment amongst her clients to avoid crisis and downfalls. Unfortunately, it is an area commonly overlooked by business owners.

As cybercrimes continue to rise, Yiting explains to us the necessity for tightened online security and its repercussions for the lack of it.

  1. There is a lack of cyber preparedness amongst SMEs. Why is that so?

Most SMEs believe that cybercrimes only happen to larger corporations and that they are less vulnerable because they are too small and do not have valuable data to steal. They also tend to not get involved, thinking that cybersecurity is the IT department’s responsibility. Apart from the lack of awareness, SMEs also lack the funds, resources and knowledge to implement effective measures against cyberattacks.                                                                                                                                                                                                                                                                       

  1. What types of cyber-attacks can hit a SME?

According to SingCERT, SMEs lost millions of dollars to phishing scams in the past year. The most common cyberattacks that hit SMEs are Phishing, website defacement and ransomware. SMEs are especially at risks of spear-phishing which are targeted e-mails that appear to come from a known sender. As for website defacement, it mainly affects SMEs in the education, finance, manufacturing and retail sectors.

  1. What are the repercussions of not implementing adequate cybersecurity measures?

When a business gets hacked or encounters a breach in data, the reputation of the business gets affected, and customers’ trust is lost. For smaller SMEs, it may mean a negative impact on their revenue since operations would have to be suspended temporarily. In worst cases, SMEs can even find themselves facing legal issues when personal data gets stolen. When these cyberattacks happen, a lot of time, effort and money goes into recovery. The repercussions of a cyber-attack can be lasting and damaging to businesses since the stolen data can potentially be sold to other parties. For these reasons, I strongly encourage SMEs to implement Cybersecurity programs in their businesses.                                                  

 What are key priorities an SME needs to focus on when developing a cybersecurity strategy?

When developing their cybersecurity strategy, it’s always good for SMEs to have a Business Continuity Plan in place. They should then prioritise identifying their critical assets and data which require protection, take steps to implement physical and software controls and finally, establish the right culture that every employee has a part to play in cybersecurity

The Cyber Security Agency of Singapore (CSA) has launched also launched Safer Cyberspace Masterplan 2020 — a new national blueprint to create a safer cyberspace in Singapore. Through this initiative, SMEs can tap on free cyber health screenings. There is also a one-stop portal – the Cyber Hygiene Portal, which can be found on CSA’s website and has resources available for download.                                                                                                                                

  1. Are there any grants supporting cybersecurity solutions?

Under IMDA’s SME Go Digital programme, SMEs can receive funding supported through the Productivity Solutions Grant (PSG) to cover part of the cost of pre-approved cybersecurity products and services. Support for various packages like EndPoint Protection Platform, Managed Detection & Response, Unified Threat Management are made available across all sectors to adopt.