Incidents like these underline the vulnerability of digital systems. The upheaval caused when systems are compromised can be immense.

While large organisations like the NHS and advertising giant WPP tend to make the news when they’re hit by cybercrime, the threat is just as real for mid-market firms. In many ways, the risk facing mid-size organisations is growing. And unfortunately, they can find it harder to bounce back from the financial and reputational damage caused by such an incident.

WHY IS THE MID-MARKET AT RISK?

The IT security industry is stepping up to the cyberthreat challenge with sophisticated new technologies. Vendors employ teams of cyber experts, working continually to keep one step ahead of cybercriminals. Yet many of the most progressive solutions are geared towards larger corporates with sizeable budgets. What’s more, they need to be regularly patched and updated to keep pace with rapidly evolving threats.

This puts the mid-market at a serious disadvantage. It’s difficult for these firms to ringfence huge budgets to counter a threat which may not materialise. Investment decisions need to balance potential implications of a nebulous risk against growth-driving initiatives. And a firm employing 100 to 1,000 employees is unlikely to have a dedicated cybersecurity team to manage and maintain the solution.

These factors are compounded by the fact that, for cybercriminals, the mid-market is becoming an increasingly prominent target. As larger corporates professionalise their defences, attention turns to more vulnerable prospects. 

HOW CAN WE DE-RISK?

It is important to acknowledge the scope and scale of the risk, but mid-market firms shouldn’t feel helpless. There are ways to strike the right balance with a proportionate approach to cybersecurity that blends appropriate technologies with other factors such as user training and disaster recovery planning.

We’ve developed a guide for mid-market firms that sets out six core elements of an intelligent cybersecurity strategy: How to de-risk.

If news stories about ransomware have left you feeling jittery, here are three steps you can take right now:

1. Ensure your systems have the latest patches installed.
2. Backup regularly and keep a recent backup copy offsite. Use encryption so you don’t have to worry about it falling into the wrong hands.
3. Avoid opening attachments in emails from people you don’t know – and ensure everybody in the organisation does the same. Talk to departments that use a lot of attachments, such as HR and accounts, about ways they can verify senders.

IT security specialist Sophos has produced a dedicated ransomware guide in response to recent outbreaks if you want to know more: How to stay protected against ransomware.

DON’T RELY ON TECHNOLOGY ALONE

Effective cybersecurity isn’t all about having the latest technologies. The cornerstone of best practice is good security protocols, including regular training of employees and risk analysis rooted in current cybercrime trends. This needs to be managed by a dedicated internal resource or a third-party provider to ensure the strategy adapts to the evolving threat landscape.

There is no magic shield, but it is possible to manage and mitigate risk with an intelligent, strategic approach.