The 10 most common cybersecurity errors in SMEs

24 Oct 2017
3 Minutes of reading
  • The company S2 Grupo has pointed out that the risks of not adequately protecting a business, regardless of its size, can be really high because at present the largest number of processes are connected to the network.
  • The consequences of a cyberattack to an SME can result from a loss of reputation, market positioning or theft of relevant data to putting in check the continuity of the business.
  • The lack of awareness of the real cyber-hazards that can stalk the SME and of adequate protection procedures are some of the most common mistakes that place them in a position of vulnerability to cybercriminals.

Valencia, october 10, 2017.- Although it is true that there is an increasing social and business awareness about the importance of cybersecurity and of adequately protecting all the processes of a business (it is already practically possible to remotely access 90% of them via Internet connection), the company S2 Grupo warns that this is still a pending task in SMEs. "In recent years, much progress has been made in the area of ​​cybersecurity, but small and medium-sized enterprises, and above all those that have just been created, continue to neglect certain aspects that could seriously jeopardize the continuity of their businesses. There is a real lack of perspective on the dangers that can threaten them and the consequences they could have", said José Rosell, associate-director of S2 Grupo. “Cuando una empresa no está adecuadamente ciberprotegida, es como si dejara la puerta de su negocio abierta toda la noche y se fueran tranquilamente a casa, permitiendo que cualquiera campara a sus anchas por él. Esto, que puede parecernos una barbaridad porque podrían desvalijarlo, es lo mismo que puede suceder si no se contempla la ciberseguridad desde el mismo momento de creación de la empresa por pequeña que sea”, ha continuado Rosell. "When a company is not adequately cyber-protected, it is as if they left the door of their business open all night and calmly went home, allowing anyone to go around freely about it. This, which may seem an outrage because they could ransack it, is the same thing that can happen if cybersecurity is not contemplated from the very moment the company is set up, however small", continued Rosell. The consequence of a cyber-attack on these businesses may be from the termination of business, loss of reputation, loss of relevant data, of weight in the market, etc. With the aim of paying attention to the cyber risks that could haunt these companies, so that they can be adequately protected, the team of experts of S2 Grupo has pointed out that the 10 most common cybersecurity errors in SMEs are the following:

  1. It is sufficient to install an antivirus or a firewall.- Evidently, few businesses regardless of how small they are lack an antivirus and, certainly, a firewall. However, this can give a false sense of security and be totally revealing technical processes that need specific protection.
  2. Believing that the information of your business is of no interest to anyone. - Any information contained in the systems regardless of who they belong to, are of great interest to cybercriminals because the data they obtain (email addresses, photographs, telephone numbers, etc.). ) have a high value in cyberspace. In addition, there is the error of underestimating the information that may be of interest to any possible competitor (accounting balances, prices, projects, etc.).
  3. Considering that computer engineers are the only ones responsible for cybersecurity.- It is very important to be aware of the fact that cybersecurity is an issue that all members of staff should be held accountable for. Correct action processes, proper management of incidents or the way legal requirements are addressed can avoid threats of social engineering or phishing, for example.
  4. Considering that cybersecurity does not require maintenance. - It is often believed that security comes from a product that is installed and that is all. This is one of the main mistakes. Cybersecurity is a process and, as such, requires daily maintenance carried out that will vary according to the needs of each department (updating of their knowledge, maintenance of systems, adaptation to new legal processes, etc.).
  5. Do not sign confidentiality agreements.- There are SMEs that consider that this is part of the big multinationals and it is a mistake. Confidentiality is also essential in this sector and must be guaranteed to anyone who has access to company information (employees, suppliers, customers, etc.) in order to protect it properly.
  6. Non-compliance with the LOPD.- Many SMEs are ignorant of their obligations in relation to this law. In order to guarantee the personal security of customers, employees, suppliers, etc., and to avoid penalties, it is essential to comply adequately with the LOPD.
  7. Lack of security in contracts.- In most cases the order form itself becomes the contract for the start of the service. This means that the document does not take into account services or clauses of confidentiality or that legal requirements such as the Organic Law of Data Protection (LOPD) are contemplated to safeguard the information that we are providing the supplier.
  8. Lack of network and systems security.- The security of servers and networks is key to protecting business information because they can create many vulnerabilities that allow cybercriminals to roam through the bowels of the business (databases of internal use accessible from the Internet, WiFi that allows access to the corporate network and is accessible from the street, systems not updated, maintenance of passwords of origin of the servers, etc.)
  9. Thinking that a threat to the company would always come from a "third party". Evidently, a cyber-attack on an organization can occur through external agents, but it must also be taken into account that a malpractice of the owners themselves or of employees can endanger the company. Opening a link from an email of unknown origin, inserting an infected USB into the computer, etc., are very common avenues of infection and can be set in motion due to negligence in the process.
  10. Offering services through the Internet and forgetting cybersecurity.- Online businesses proliferate every year and, because of their exposure to the Internet, are a perfect target for cybercriminals. Among the most frequent mistakes made by those who start, it is worth mentioning the non-compliance of the LOPD, the availability of forms that are vulnerable to attacks, misconfigured servers, etc.

More information: