Over the last few months, COVID-19 caught the world by surprise and has rapidly changed our daily lives and the way we interact. In many ways, this public health crisis represents a litmus test of our ability to maintain business continuity. It has reshaped the way we carry out business, conduct meetings, facilitate reliable access to company data, as well as the process of hiring someone.
While telecommuting technology has been around for years, the importance of social distancing under the current climate has accelerated the shift towards telecommuting. Many businesses scrambled to make the switch since the Ministry of Manpower instituted work from home measures in late March.
Inevitably, this surge in telecommuting will raise questions about whether the technology that enables us to work from home – video conferencing, remote desktops, etc. – can scale to handle the increased demand for such services, as well as allow businesses to conduct their operations in an efficient manner without compromising on security.
With small and medium-sized enterprises (SMEs) contributing to 47 percent of Singapore’s GDP in 2018, the more pressing issue is: Has there been any change in how SMEs think about cybersecurity and are they well equipped to deal with the challenges of operating in this new reality, where COVID-19 co-exists in the digital age?
As the world’s second most digitally competitive country after the United States, there is an argument to be made that Singapore has made great strides in our digital transformation journey thus far.
Yet, a closer examination of this reveals interesting contradictions, highlighting some critical gaps when it comes to SMEs’ experience with digitalising their business operations.
According to QBE Insurance’s latest survey of Singapore SMEs, over four in ten SMEs cited the high cost of technology investment, and a lack of financing and funds as the top two barriers to digitalising.
Apart from the high costs involved, SMEs’ attitudes toward technology-related risks also amplify the challenges that businesses will have to face in this new era of telecommuting.
For example, Chubb’s SME Cyber Preparedness Report in 2019 highlighted a lack of concern around the impact of data breaches. 59 per cent of SME leaders surveyed felt that large corporations were more at risk of cyber attacks than SMEs, with only 18 percent of them aware about the cyber threats that their business could face.
With almost 40 percent of cyber attacks in Singapore targeted at SMEs, there are clear gaps in the way SMEs think about cybersecurity.
Given that SMEs continue to struggle to translate their understanding of cybersecurity into the right cybersecurity mindset and architecture, it is not surprising that these attitudes are also prevalent in their work from home arrangements.
According to Kaspersky’s global report, 73 percent of employees working from home did not receive any specific cybersecurity awareness guidance or training from their employer.
Questions were also raised around the implementation of basic cybersecurity practices, with 50 percent of businesses allowing employees to conduct work from personal devices without any form of policies to regulate their usage. In addition, only 53 percent of workers stated that they used a VPN to access their employer’s network when working from home.
At the same time, cybercriminals have been leveraging the public’s fear of rising COVID-19 cases by propagating malware and phishing emails from the United States’ Centers for Disease Control and Prevention (CDC) and the World Health Organisation, with one-in-four employees reporting that they have received phishing emails related to COVID-19.
As we attempt to make sense of the cybersecurity challenges for SMEs, it is a concern that their attitudes towards cybersecurity have not kept pace with the changes wrought by the pandemic. However, these challenges are not insurmountable, and the battle is already half-won as long as one makes a proactive effort to seek out information to improve one’s cybersecurity posture.
It is clear that the costs of investing in cybersecurity technology as well as acquiring the know-how to deal with cyber threats will continue to be perennial concerns for SMEs. While the mainstream narrative continues to focus on SMEs’ inadequacies when it comes to cybersecurity, it is equally important that the cybersecurity industry plays its part in building a safer world where everyone is able to enjoy the endless opportunities brought about by technology.
This could take the form of making basic cybersecurity training more accessible to SMEs. At the same time, it is important that cybersecurity training is not made to feel mundane or procedural for employees, as this would reduce its effectiveness.
The epidemic of cybersecurity threats will remain long after COVID-19 is gone. While resource constraints are expected to pose challenges for SMEs in the near future, an organisation’s cybersecurity defences could be greatly enhanced with appropriate employee training, ensuring that employees are made aware of what is happening in cyberspace.
This article originally appeared in the Entrepreneur's Digest print edition #92 and has been edited for clarity, brevity and for the relevance of this website.