Cybersecurity Issues Faced By SMEs During Remote Work

The Impact of COVID-19 on Cybersecurity

Remote working is the new normal for majority of the firms during these times of COVID. This has been found to be contributing to increased risks of cybersecurity, especially for the SMEs (Wang et al. 2021). Time to time researches have been done surrounding this topic and it has been found that alterations in patterns of working is something that had led to infrastructure being unattended. This is also the reason why the business data is becoming more susceptible to misuse. Lockdowns have become the reason behind the technical staffs having to work from remote locations that in turn is some or other way is compromising with the security of the firms. The alarming data suggests that almost 66% of the SMEs are finding it difficult to keep a track of their infrastructure. It is even more disturbing that 25% of these SMEs have chosen to leave their infrastructure unmonitored (SMEs face growing security risks thanks to remote working, 2022). This increases the chances of attacks on their networks and that they can fall prey to cyber criminals. The increased distance between the technical staff and their infrastructure and then again the delay being caused in maintenance and disaster response, offers better opportunity for the cyber criminals to take advantage of the vulnerabilities (Lallie et al., 2021). Thus, the situation demands for identification and formulation of best practices of cyber security so that the SMEs can be offered proper security in the scenario of remote working environment. SMEs already face various issues related to finances and thus have to ensure that cyber attacks do not happen in their firm. Cyber attacks can be bad for the growth of the company and add to the cost of the company. To avoid this disruption, it is needed that proper strategies should be in place.

Thus, the data given suggests that there is an immediate need to have proper cyber security frameworks so that cyber attacks can be stopped and the organizations be saved from huge loss which is otherwise encountered when attacks happen. Financial and reputational loss are something that affect the firms mainly the SMEs. Hence, with this research an attempt will be made to find out the issues related to cyber security when it is the concern of remote working.

The main sections of the research report are literature review, research methodology, findings and data analysis, conclusion and recommendation and lastly reflection.

There has been an increase in remote working since the start of the pandemic and this is what calls for greater focus on cybersecurity. The statistics suggests that 47% of the individuals are becoming victims of phishing scam while working at home (Impact of COVID-19 on Cybersecurity, 2022). The cyber attackers have taken this pandemic as an opportunity to elevate their criminal activities by exploiting the vulnerability of employees working from home. They have been found to be capitalizing on people’s strong interest in COVID related news. Then there is this consideration as well that the average cost of a data breach because of remote working can be as much as $137,000 (Impact of COVID-19 on Cybersecurity, 2022). SMEs which struggle with budgetary constraints can be said to be facing the wrath of the cyber attacks even more. Hackers are making use of various techniques such as credential stuffing for gaining access to credential of employees. Sensitive data of the employees is being stolen and sold to cybersecurity criminals. One of the consequences is that the business operations are disrupted. The statistics also suggest that SMEs have become the easy target. Thus, it is high time that the issues related to cyber security being faced by the SMEs in remote working environment be figured out.

Literature Review

The main aim of the research is to find the cyber security issues experienced by SMEs in remote working environment. SMEs already struggle for many reason such as lack of skilled workforce, minimal infrastructure, less funds and more. Adding to this are the cyber security issues that are being experienced by SMEs in the context of remote working environment. Thus, this research has to be conducted.

This research questions that will be addressed:

1. What are the various issues related to cyber security being faced by SMEs in remote working environment?
2. What are the specific issues related to cyber security in the context of remote working environment encountered by the SMEs?
3. How to develop effective and robust cyber security framework in this in increasing context of cyber attacks?

This research will be carried out to address the below given objectives:

1. To find out the various issues related to cyber security being faced by SMEs in remote working environment.

2. To gather primary data for the purpose of identification of issues related to cyber security in the context of remote working environment encountered by the SMEs.

3. To make a proper analysis of the data and come up with proper insights related to cyber security issues in the context of remote working environment encountered by the SMEs.

4. To offer needed insights so as to aid future research on creation of effective and robust cyber security framework.

In this section, the existing literature about the topic will be reviewed to find out some proper insights. This as well will also form the base for the research that will be done in the later stages.

Security issues that are linked to information technology (IT) have always been a major concern in all organizations. Cybercrimes has become the reason for the loss of much money, disruptive computer systems, badly affected critical infrastructures, compromise being done with the integrity and confidentiality of the network and more (Bada and Nurse 2019). With all of these negatives in place, there still remains little or no such academic literature on the issue of cybersecurity, especially for the developing nations. Kabanda, Tanner and Kent (2018), suggests that the developing nations have five central forces that outline their security landscape. The five central forces being talked about are poor “security hygiene”, exclusive patterns of usage that are otherwise not that popular in the developed nations, new users joining the Internet, making use of pirated software and lastly lack of proper understanding on the adverse consequences of cybersecurity. These can be said to be as the varied contextual factors that provide explanation as to why the SMEs go for information technologies but often forget to take a note of the cybersecurity concerns.

As per Rawindaran et al. (2021) in the present times, the economy digitalization paved way for growth drivers for business with systems and associated processes increasing at a rapid rate. Then again the emergence of the new field such as the Internet of Things, Artificial Intelligence added to the risks. These certainly provide the firms with many opportunities but then also came laced up with the risks. Ease of access was something that helped in this situation and the other reason being increased in the target surface. Löffler et al. (2021) opines that in SMEs, security never is an agenda as these always lay stress on development of new services and products considering two prime objectives that are time to market and minimization of cost. Cybersecurity is thus in general an issue for the citizens, companies and governments. SMEs are becoming the prime target for the hackers due to structural as well as behavioral features. It has to be that some constructive steps be taken in the direction of figuring out how cybersecurity can be handled in these SMEs. Antunes et al. (2021) adds that in the developing countries other main concern is that there is no proper infrastructure that can support the modern technologies. This is the reason where the cyber criminals get the opportunity to launch the attacks. The reports suggest that there has been unprecedented growth in the number of cyberattacks and mainly all of the targeted firms are SMEs. Lemnitzer (2021) opines that as the SMEs do not take into consideration the threats in a serious manner, they fail to address the atrocities arising from the same. The significance of remote working has been understood better during the COVID times when there was no provision left with the organizations and institutions to carry on with offline operations.

Research Methodology

There are various approaches for handling cybersecurity that include intrusion, hybrid, web server logging, signature and more. These days intrusion detection (ID) system is made use of in systems for the purpose of detection of unauthorized access to a network. ID can be made use of to avoid intrusions and thereafter provide necessary information in the context of a successful intrusion. Similarly, there are other approaches to handle cybersecurity that are anomaly intrusion detection, signature patterns, web server logging and hybrid approach. Corallo et al. (2022) opines that anomaly-based intrusion detection system commonly requires to work in a statistically momentous number of packets, as a specific packet is an anomaly when matched with some baseline. Again, this need for a baseline is something that comes up with various difficulties. Data sources for analyzed information can vary with host or network activity and here the application and command logs are the general sources for the purpose of analysis of information. Large volumes of data that needs proper analysis is to be avoided and to do this, ID systems store data for a specific span of time. The ID system is in general managed by means of Network Intrusion Detection Sensor Products (NIDS). This is the device that is associated to the network and assesses the data that is incoming into the server. Armenia et al. (2021), apart from this the use of anomalies is other means of addressing cybersecurity. Anomaly ID systems are in need of normal patterns of usage so that the intrusions can be properly identified. The behavior of the users is tracked and any derailment from the general decided on usage is termed as an intrusion.

As opined by Nurse (2021) remote working is aptly considered to be much demanded freedoms of information technology. But it is recently that almost all organizations in every sector has opted for this. COVID 19 pandemic has not left behind any other options for the firms. The companies those that did not put up efforts to set up conditions for remote working had to be shut. Remote working was something that was advice and technology proved to be the prime enabler of the alterations. Though not a new concept, has certainly brought about significant changes in the process the companies used to do work. Ali (2021) argues that companies had not given to remote working thinking about the various security issues that pop up in this case. The security of the networks of the organizations gets compromised with when staffs are working remotely. Ahmed and Nanath (2021) says that it was because of COVID 19 that remote working had to be dependent upon. This again gave a chance to the cyber criminals to launch phishing attacks and other such opportunistic incidents. As per the reports of the National Cyber Security Centre, they had to take down more than 2,000 related online scams in March 2020 (Furnell and Shah 2020). Another report suggests that nearly quarter of the firms had encountered surge in incidents after shifting to remote working. The results of the report was based on the survey conducted amidst 256 security professionals. Outcomes of the European Network of Cyber Security Centers (ECHO) revealed that there was no such change noticed in the approach taken by the attackers (Furnell and Shah 2020). But it was added that the cyber criminals were offered with richer landscape for exploitation. Individuals turned out to be vulnerable as well as easily exploitable target.

Findings and Data Analysis

Goh and Teoh (2021) highlighted some of the challenges for SMEs when working remotely. The first challenge pointed out was related to employee network infrastructure. This has been tagged as the biggest concern that popped up with remote working security in pandemic times. The challenge is all about the insufficiency of the network infrastructure at the house of the staffs who are working from remote locations. van Haastrecht et al. (2021) agrees to this and adds that in such situations, organizations do not have any control over speed, security and lastly reliability of network accessibility of the employees in remote locations. These in other terms can be said to be as inconsistencies in the network that result in severe problems in work coordination. The concern also lies in the fact that organizations are unable to handle security when there is lack of consistency in their network.

The next challenge is that about the VPN problems as for majority of the firms having a VPN with remote access is not something much common. This is even a bigger issue for the small businesses. When operating in a VPN network, the speed of the internet gets reduced mostly at times of high traffic. Organizations are required to opt for special configuration so that they get to understand the issue being faced. Uchendu et al. (2021) adds that lack of accountability becomes the reason for third-party VPN risks. VPNs offer little or rather no such audit records and that is the reason why one can neither monitor or keep a record of the actions of every third-party vendor making use of VPN.

Mannebäck and Padyab (2021) says, that cyber space is continuing to evolve from the weaponization of software and thus organizations are finding it mandatory to invest in technologies so that value can be obtained. It finds mention again that for the SMEs security was never given due importance in their agenda and that stands to be an alarm. The growing number of cyber attacks are going on to become the result of loss of money and reputation of the SMEs. During the pandemic times, the significance of the Internet and the computer systems has grown mainly for the SMEs. They have to rely heavily on these technologies to ensure that they keep on growing in a continuous manner and most importantly succeed in leveraging their business operations. SMEs always have this concern related to budget and expenses and like large companies cannot afford to provide employees with computer systems and so on. In that case all employees are working using their computer systems and in their own network. This makes them vulnerable towards attacks. Khando et al. (2021) hints at the fact the SMEs process huge volumes of personal information mainly when they are operating in the online sphere and thus they need to be aware of the different privacy laws and associated regulations. Loss of personal identifiable information (PII) can land the SMEs in grave trouble. Again, as mentioned due to less budget, SMEs make use of basic security control including endpoint antivirus protection, systematic software updates, firewalls and more. All of these are obsolete when it comes to the modern attacks being launched by the cyber criminals. There is a need to enhance the cybersecurity measures so that the modern types of attacks can be handled well. As per research done by Sinyuk, Panfilova and Pogosyan (2021) to address the demands in the pandemic times, many SMEs had to take the decision of shifting to cloud-based tools and platforms ensuring there is effective collaboration amid staffs. But Khando et al. (2021), suggests that as it was decision taken abruptly without much planning or proper project management, security part was ignored.

Conclusion and Recommendation

This specific research has been carried out adhering to qualitative research methodology. Under the purview of qualitative research methodology both secondary as well as primary data has been made use of.

There are two main research philosophies that are positivism and interpretivism. Positivism suggests that only factual data that is gathered through proper observations is something to be trusted. In case of positivism, the part of the researcher is constricted to collection of data and then its interpretation (Ragab and Arisha 2018). The results that are obtained adhering to this research philosophy is objective in nature. This relies on quantifiable observations that gave way towards statistical analyses (Al-Ababneh 2020). If the philosophy of positivism is aligned to then the researcher becomes independent from the study. There as well is no such provision for human interests within the study. On contrary to this, interpretivism relies on the principle that the researcher has a major role to play when it comes to observing the social world (Babii 2020). If the philosophy is considered then the research is based on the preferences or rather viewpoint of the researcher.

Here in this research the research philosophy that has been used is interpretivism. As the nature of the research is more of subjective type, adhering to the philosophy helped in proper interpretation of the subject matter. There was as stringent requirement to collect opinions related to issues of cyber security and thus interpretivism was best though to be best suited.

In general, there are two research approaches that are commonly referred to when conducting any research—inductive and deductive. Inductive approach starts with defined observations and the researcher seeks for some sort of patterns in those observations. After figuring out the patterns, he goes on to theorize those patterns (Bairagi and Munot 2019). On the other hand, deductive approach is in general linked to scientific investigation. The researcher in this case carries out investigation into what others have done (Cr 2020). He reads through the present theories of whichever phenomenon he or she is investigating on and then goes on to evaluate hypotheses emerging from these theories.

Here in this study, the approach that was made use of was inductive. This was chosen owing to the attributes such as flexibility, supportive of development of new theories, attending much closely to the research context and more. Again, as the research is fully qualitative in nature, inductive approach was the best suited. This helped the researcher to analyses the qualitative data to a great extent.

Qualitative and quantitative research methodologies are the two distinct types of research methodology. Qualitative research methodology is about collection and analysis of non-numerical data to understand the various concepts and experiences. This method is used to collect data through means of open-ended and conversational communication. On the other hand, quantitative research methodology refers to systematic investigation of phenomena by collecting quantifiable data and thereafter performing statistical, mathematical or computational techniques. This type of research gathers information from existing and potential consumers making use of sampling methods.

Reflection

Qualitative research methodology has been chosen as using this specific methodology it became much easy for the researcher to understand attitudes, allowing creativity to be a driving force and incorporating human experience in the research. Proper insights could be obtained using this research methodology.

The different techniques that are commonly used in researches are interviews, focus groups, observations and surveys. In qualitative research methodology interviews are conducted where the respondents have the scope to come up with the opinions and perspectives. On the other hand, focus group refers to a group interview including a small number of demographically similar people who have other general traits or experiences. Observation refers to active acquisition of information from the primary source. In other words, observation is all about the act of observing something from something seen or experienced. Lastly, surveys here are open-ended  that is there is no predefined option provided to the respondents. They can answer or put in their inputs as per their preferences and opinions.

Here in this research, interviews have been conducted. The questions for the interview were same for all of the respondents.

Activities	1st to 3rd Week	4th to 10th week	11th to 13th  Week	14th to 17th  Week	18th to 21st  Week	22nd  to 23rd  Week	24th  Week
Selection of the topic	ü
Data collection from secondary sources	ü	ü
Creating layout		ü
Literature review		ü	ü	ü
Analysis and interpretation of  collected data				ü	ü	ü
Findings of the data					ü	ü
Conclusion of the study						ü
Formation of draft						ü	ü
Submission of final work							ü

Gantt chart

(Source: created by author)

Here in this research, only one research methodology has been adhered to that is qualitative. Interviews were conducted under the purview of this research methodology to get to the desired conclusions. Qualitative research helped addressing the research objectives and questions in a better way. Mixed methods are advantageous but then these are time consuming and thus become the reason for delay in projects.

The research design that was followed is phenomenology. This research design was followed as it enables to investigate a specific topic and thereafter find out new theories on the basis of the collection and analysis of the real world data. Phenomenology is the research design that has been used in the research (D?wigo? and D?wigo?-Barosz 2018). This is best suited when not much is known about a specific phenomenon. Here the goal is come up with an explanatory theory that will be useful to uncover a process inherent to the substantive areas of inquiry. The data collection part is given due importance when adhering to phenomenology.  In the context of this research, data collection was done in terms of interviews and thus phenomenology was found to best suited to legitimize the qualitative data thus collected (Melnikovas 2018). Phenomenological research is the qualitative research approach that seeks to understand as well as describe the universal essence of a phenomenon. This approach examines the daily experiences of human beings while appending the researchers’ fixed expectations about the phenomenon.

The technique was entirely qualitative and the procedure undertaken to collect data is as given below:

1. Deciding on key words
2. Searching for articles and journals with these keywords in databases such as Google Scholar and IEEE Explore.
3. Sorting the sources by applying filters of time range.
4. Sorting the sources in terms of content (going through abstract and key findings) to understand if these are relevant to the research.

1. Deciding on the company whose employees will be included in the research.
2. Approaching the authorities and explaining them the purpose behind this research.
3. Developing the questionnaire adhering to research ethics.
4. Taking the interview.

There are different types of sampling but here the sampling technique that has been adhered to is convenience sampling. This is a sort of non-probability sampling that involves the sample for the research being taken from the part of the population which is close to hand (Andrade 2021). This was chosen to ensure that the researcher gets to collect data easily as obviously if the respondents are taken from nearby firms or institutions, the research cost will be reduced.

The data collection and analysis has been done based on the data that has been collected from the semi-structured interviews. To make the work more compact primary and secondary data have been compared and contrasted so that proper analysis be done. The data collected from the semi-structured interview has helped a lot to analyse the situation. Then again for the proper analysis to be done, thematic analysis has been done. Thematic analysis refers to the method that is used to carry out proper analysis of qualitative data (Mohajan 2018). This in general is applied to set of texts that include interviews or transcripts. The researcher has to be made a close examination of the data to figure out what are the common themes. Here in this context, thematic analysis has been chosen because of some of the advantages that are flexibility of the method, proper data obtained through the means of interpretation of the themes and better scope to align to the research questions (Newman and Gough 2020). The researcher will be better able to understand the collected data as themes will be the reference to come up with the analysis.

The ethical considerations when carrying out this research were that none of the respondents were influenced in any way to opine similar to the views of the researcher. A consent letter was duly signed so that the research be proceeded with in a proper direction. Then again as secondary data has formed the base of the research, the sources had to be authentic and up to date (Ngozwana 2018). In no way can the researcher include outdated information as that might mislead the readers.

The limitation of the research is that it is totally based on qualitative data. There was much scope to include primary data as that could have made the study more compact and structured it well. Using mixed method would have ensured that the disadvantages of one is counterbalanced with the advantages of the other (Pandey and Pandey 2021). The study was carried out with low budget and this as well turned out to be a constraint. The paid materials could not be included in the paper including which could have made the research more informative. But certainly, all of these limitations did not affect the quality of the research as appropriate amount of time was taken to sort out the resources used and take the interviews. There was no compromise done in terms of time, also keeping in mind that the research needs to be completed on time. Thus, it can be said that limitations of the research were always kept in mind so that the negative impact could be reduced.

The method thus used for the research is qualitative research methodology. The philosophy chosen was positivism, research design was grounded theory, approach being inductive and analysis done being thematic. The research as well is also cross-sectional research because data was collected from the respondents and the secondary sources at a single point of time. The methods thus chosen are apt as per the research questions that have been framed and thus supported the researcher in his journey of addressing the objectives of the research.

• What are the specific cyber security challenges you have identified to secure IT infrastructure in remote environment?
• It is often identified that SMEs lack in cyber security planning. What is your opinion about this?
• Do you think that budgetary constraint affects capability of SMEs to respond to cybersecurity issues?
• Is change in workflow due to remote working environment responsible for lack of control over cyber security infrastructure?
• Is lack of employee knowledge also responsible for cyber security issues in remote working environment? Do you have any dedicated cybersecurity awareness program for employees?
• How cyber security management in remote working environment is different from traditional work environment and what additional challenges does it bring from cyber security and privacy perspective? Are there any specific challenges you have encountered in this context?
• What strategies have you adopted in addressing cyber security challenges in remote working environment and how effective are these strategies as per your opinion?
• What training initiatives you have undertaken to enhance employee cyber security knowledge and what additional challenges you have identified apart from delivering training in remote working environment?

 As mentioned in the above section convenience sampling has been used. The sample size for the interview is 3 and all of the ones included are from a cybersecurity firm nearby to the residence of the researcher. The interviewees are in the position of IT managers and IT admins.

No such analytical tool has been made use of to analyse the interview rather thematic analysis has been done.

The findings suggest that SMEs are facing many issues in the context of remote working. Cyber attacks have increased in the COVID times and this has led to think twice before shifting to the online medium. The literature suggests that remote working has provided the chance to the cyber criminals to launch phishing attacks and other such opportunistic incidents. The challenges that have been highlighted are employee network infrastructure, lack of control over the speed of the companies when employees are working from home. Then again it is also said that there are inconsistencies in the network resulting in some serious issues. Coordination gets affected to a great extent as availability of the employees becomes matter of concern. Organizations are required to opt for special configuration and use of VPN to be done.

Interview Questions	Meaning
What are the specific cyber security challenges you have identified to secure IT infrastructure in remote environment?	From this question the challenges of cyber security to secure IT infrastructure in remote environment will be understood.
It is often identified that SMEs lack in cyber security planning. What is your opinion about this?	Here the opinions of the respondents regarding lack of cyber security planning will be understood.
Do you think that budgetary constraint affects capability of SMEs to respond to cybersecurity issues?	Budget is a huge concern and thus this question had to be included. In SMEs there is already budgetary constraints and thus this needs to be addressed.
Is change in workflow due to remote working environment responsible for lack of control over cyber security infrastructure?	The factor of change in workflow is a major one and thus it needs to be figured whether it contributed to lack of control over cyber security infrastructure.
Is lack of employee knowledge also responsible for cyber security issues in remote working environment? Do you have any dedicated cybersecurity awareness program for employees?	Employees are the vulnerable sources to be targeted and thus this question had to be included. Cybersecurity programs are to be present in place and thus am evaluation done whether the firms are serious with this.
How cyber security management in remote working environment is different from traditional work environment and what additional challenges does it bring from cyber security and privacy perspective? Are there any specific challenges you have encountered in this context?	Remote working and working in normal offices are different and thus cyber security and privacy perspective are different as well. This question will help realise the specific challenges that will be encountered in the remote environment.
What strategies have you adopted in addressing cyber security challenges in remote working environment and how effective are these strategies as per your opinion?	Strategies are a necessity in the remote working environment when cyber security is concerned.
What training initiatives you have undertaken to enhance employee cyber security knowledge and what additional challenges you have identified apart from delivering training in remote working environment?	Training initiatives are needed to be undertaken for sure in the growing adverse conditions of cyber security.

The analytical tool been used in this research is thematic analysis. Some major themes have been identified and are mentioned below. The researcher has been thorough with data collected from primary or secondary sources and has done a critical analysis in the section below.

 From the primary as well as the secondary data the issue being faced is that of budgetary constraints, lack of proper infrastructure, employees reluctant to understand the significance of cyber security. This hints at the fact that employers have to consider the consequences of the lack of proper training and the lack of cyber security culture at the firms. The SMEs took decision of shifting to the online medium due to the situation of the COVID times and they did not have time to plan. This meant compromising with the plan and rushing with the idea. It can be said that no such efforts were put to take expert advice and thus the consequences.

It can be said that shifting to the online medium is big decision to be made. There are many factors which are to be considered and factors being mentioned about more in number in the context of SMEs. SMEs are the firms that are already struggling with the budgetary constraints, less workforce and more such problems. Adding to this is the issue of shifting to the online medium and convincing the staff to adopt to the new medium.

 The primary data collected suggests that some strategies were taken such as frequent training given to the employees on cyber security. Some said that the employers had to invest much to provide equipment individually to the employees. But the answers obtained hint at the fact that the training being provided was of no use. There was no such positive fact found which could suggest that trainings being provided were effective. But then as well it is understood that some proper training and frequent training need to be given to the employees.

The data collected clearly hints at the fact that the training that was being provided was not providing effective results. The trainings have to be focused on and structured well with proper content. Industry experts need to be consulted to understand which aspects of the training program needs to be modified. The additions or deletion that can be made to the training materials need to be figured. The focus has to be on the trainer as well who is to provide the training to the employees.

Challenges in implementing the strategies

The data collected also hinted at the fact that there are some challenges in implementing the strategies. The main challenge identified was that the employees were not taking any such interest in the context of cyber security. They were not taking the training provided on a serious note. The policies and procedures that were there in the firms were also not being followed by the employees. Then again, the respondents also highlighted that the mental health of the employees are also an issue right now. They are not able to process such trainings when being mentally disturbed and emotionally exhausted.

The training sessions need to be made interactive so that the employees get interested in it. Some fun sessions can also be included to relax the employees from the stress and depression that they are going through in the COVID times. Some of the companies which have succeeded in handling the situation well need to be seeked help from. There practical experiences can help understand which strategies will give better or enhanced results.

Conclusion and Recommendations

Conclusion

From the above discussion done it can be said that the SMEs are certainly facing a tough time when handling the issues due to cybersecurity. The primary data collected clearly suggested that due to budgetary considerations or rather constrictions, the SMEs were not able to process the cyber security.  The culture at the SMEs is also not supportive of cybersecurity awareness programs. There is lack of planning which certainly affects the SMEs in the context of making the staffs aware of the cyber security programs. SMEs are becoming the prime target for the hackers due to structural as well as behavioral features. It has to be that some constructive steps be taken in the direction of figuring out how cybersecurity can be handled in these SMEs. SMEs do not take into consideration the threats in a serious manner; they fail to address the atrocities arising from the same. Then again, it has also been found that SMEs are becoming the prime target for the hackers due to structural as well as behavioral features.

The recommendations for the SMEs are:

1. Plan and then go for remote working.
2. Try to form a team which will exclusively handle the issues due to cybersecurity.
3. Take expert advice when taking any decision in the context of cybersecurity.
4. Major part of the budget should take into account the issue of cybersecurity.

The research helped me learn new things and also expanded my idea in the context of cybersecurity. Cybersecurity is certainly a concern in the SMEs and the main reason is that they do not take the matter on a serious note. They are busy focusing on enhancing brand image and reputation. The research process made me more patient and helped me realize the importance of time. Time management is something much needed when conducting research. The other main fact that will help me in my future venture is carrying out the required work with less resources in hand.

The research methods used certainly helped in reaching the conclusion. The choice of methods helped the researcher come up with a compact research. Interviews helped in gaining in depth knowledge about the subject and added practical aspects to the study. With the help of interviews thus conducted, the researcher could explain, understand and explore the opinions, behavior, phenomenon of the research subjects. Being open-ended questions, it was of much help to the interviewer to obtain in-depth information. The response rate is also better in case of interviews than mailed questions. The personal interaction between the researcher and the respondents was of much help to address the research questions. After conducting the research,  got a sound conception about how interview questions should be and how these can be incorporated into a specific research.

The research could have been done differently by using online surveys. Close ended questions could be used and sample size be increased. Making use of survey would have meant mixed methods thus helping the researcher to address the disadvantages of one method with the advantages of the other. Interviews again cannot be conducted with many as there are time constraints but if I would have opted for online survey, the sample size could have been greater. The number of respondents thus being more, the result obtained could be expected to be more accurate.

The lesson that was learnt after conducting the research is that use of mixed methods can prove to be much more appropriate in a research environment. This would have given the researcher the opportunity to collect data from many respondents thus ensuring that the research questions be addressed with greater appropriateness. I also understood that when conducting any research there is a need to be organized and manage tasks in a proper way. Missing out on tasks or subtasks may land the research in trouble.

References 

Ahmed, N.N. and Nanath, K., 2021. Exploring Cybersecurity Ecosystem in the Middle East: Towards an SME Recommender System. Journal of Cyber Security and Mobility, pp.511-536.

Al-Ababneh, M.M., 2020. Linking ontology, epistemology and research methodology. Science & Philosophy, 8(1), pp.75-91.

Alahmari, A.A. and Duncan, R.A., 2021, July. Investigating Potential Barriers to Cybercyber security Risk Management Investment in SMEs. In 2021 13th International Conference on Electronics, Computers and Artificial Intelligence (ECAI) (pp. 1-6). IEEE.

Ali, R., 2021. Looking to the future of the cyber security landscape. Network Security, 2021(3), pp.8-10.

Andrade, C., 2021. The inconvenient truth about convenience and purposive samples. Indian Journal of Psychological Medicine, 43(1), pp.86-88.

Andrade, C., 2021. The inconvenient truth about convenience and purposive samples. Indian Journal of Psychological Medicine, 43(1), pp.86-88.

Antunes, M., Maximiano, M., Gomes, R. and Pinto, D., 2021. Information Security and Cybersecurity Management: A Case Study with SMEs in Portugal. Journal of Cybersecurity and Privacy, 1(2), pp.219-238.

Armenia, S., Angelini, M., Nonino, F., Palombi, G. and Schlitzer, M.F., 2021. A dynamic simulation approach to support the evaluation of cyber risks and security investments in SMEs. Decision Support Systems, 147, p.113580.

Babii, A., 2020. Important aspects of the experimental research methodology. ?????? ??????????????? ????????????? ?????????? ????????????, 97(1), pp.77-87.

Bairagi, V. and Munot, M.V. eds., 2019. Research methodology: A practical and scientific approach. CRC Press.

Corallo, A., Lazoi, M., Lezzi, M. and Luperto, A., 2022. Cybersecurity awareness in the context of the Industrial Internet of Things: A systematic literature review. Computers in Industry, 137, p.103614.

Cr, K., 2020. Research methodology methods and techniques.

Deloitte Switzerland. 2022. Impact of COVID-19 on Cybersecurity. [online] Available at:

<https://www2.deloitte.com/ch/en/pages/risk/articles/impact-covid-cybersecurity.html> [Accessed 10 June 2022].

D?wigo?, H. and D?wigo?-Barosz, M., 2018. Scientific research methodology in management sciences. Financial and credit activity problems of theory and practice, 2(25), pp.424-437.

Goh, C.H. and Teoh, A.P., 2021, November. Determining Bring Your Own Device (Byod) Security Policy Compliance Among Malaysian Teleworkers: Perceived Cybersecurity Governance as Moderator. In 2021 IEEE 5th International Conference on Information Technology, Information Systems and Electrical Engineering (ICITISEE) (pp. 305-310). IEEE.

Khando, K., Gao, S., Islam, S.M. and Salman, A., 2021. Enhancing employees information security awareness in private and public organisations: A systematic literature review. Computers & Security, 106, p.102267.

Lallie, H.S., Shepherd, L.A., Nurse, J.R., Erola, A., Epiphaniou, G., Maple, C. and Bellekens, X., 2021. Cyber cyber security in the age of covid-19: A timeline and analysis of cyber-crime and cyber-attacks during the pandemic. Computers & Cyber security, 105, p.102248.

Lemnitzer, J.M., 2021. Why cybersecurity insurance should be regulated and compulsory. Journal of Cyber Policy, 6(2), pp.118-136.

Löffler, E., Schneider, B., Zanwar, T. and Asprion, P.M., 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games, 8(1), pp.59-70.

Mannebäck, E. and Padyab, A., 2021. Challenges of Managing Information Security during the Pandemic. Challenges, 12(2), p.30.

Melnikovas, A., 2018. Towards an explicit research methodology: Adapting research onion model for futures studies. Journal of Futures Studies, 23(2), pp.29-44.

Miethlich, B., Belotserkovich, D., Abasova, S. and Veselitsky, O., 2021. Transformation of digital management in enterprises amid COVID-19 pandemic. IEEE Engineering Management Review.

Mohajan, H.K., 2018. Qualitative research methodology in social sciences and related subjects. Journal of Economic Development, Environment and People, 7(1), pp.23-48.

Newman, M. and Gough, D., 2020. Systematic reviews in educational research: Methodology, perspectives and application. Systematic reviews in educational research, pp.3-22.

Ngozwana, N., 2018. Ethical dilemmas in qualitative research methodology: Researcher’s reflections. International Journal of Educational Methodology, 4(1), pp.19-28.

Nurse, J.R., 2021. Cybersecurity Awareness. arXiv preprint arXiv:2103.00474.

Okereafor, K., 2021. Cybercyber security in the COVID-19 Pandemic. CRC Press

Pandey, P. and Pandey, M.M., 2021. Research methodology tools and techniques. Bridge Center.

Pranggono, B. and Arabo, A., 2021. COVID?19 pandemic cybercyber security issues. Internet Technology Letters, 4(2), p.e247.

Ragab, M.A. and Arisha, A., 2018. Research methodology in business: A starter’s guide. Management and organizational studies, 5(1), pp.1-14.

Rawindaran, N., Jayal, A., Prakash, E. and Hewage, C., 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet, 13(8), p.186.

Säfsten, K. and Gustavsson, M., 2020. Research methodology: for engineers and other problem-solvers.

Sinyuk, T., Panfilova, E. and Pogosyan, R., 2021. Digital transformation of SME business models as a factor of sustainable socio-economic development. In E3S Web of Conferences (Vol. 295, p. 01028). EDP Sciences.

Snyder, H., 2019. Literature review as a research methodology: An overview and guidelines. Journal of business research, 104, pp.333-339.

Thakhathi, D., Shepherd, M. and Nosizo, N., 2018. Ethical considerations in social research.

Uchendu, B., Nurse, J.R., Bada, M. and Furnell, S., 2021. Developing a cyber security culture: Current practices and future needs. Computers & Security, 109, p.102387.

van Haastrecht, M., Sarhan, I., Shojaifar, A., Baumgartner, L., Mallouli, W. and Spruit, M., 2021, August. A Threat-Based Cybersecurity Risk Assessment Approach Addressing SME Needs. In The 16th International Conference on Availability, Reliability and Security (pp. 1-12).

Wallace, M. and Sheldon, N., 2015. Business research ethics: Participant observer perspectives. Journal of Business Ethics, 128(2), pp.267-277.

Wang, L. and Alexander, C.A., 2021. Cyber cyber security during the COVID-19 pandemic. AIMS Electronics and Electrical Engineering, 5(2), pp.146-157.

Zangirolami-Raimundo, J., Echeimberg, J.D.O. and Leone, C., 2018. Research methodology topics: Cross-sectional studies. Journal of Human Growth and Development, 28(3), pp.356-360.