Small and midsized business owners are obviously aware of the threat of cyber attacks. You read about them in newspapers or hear about them on news reports. Everyone knows about the attacks on big companies including Yahoo, eBay, Equifax, Target Stores, JP Morgan Chase, the U.S. Office of Personnel Management, Sony Pictures, Home Depot, Adobe, and more.
However, many SMBs operate with an “I’m small, there are much bigger targets… what would a hacker want from me?” mentality. But you wouldn’t leave your office unlocked after hours, would you? That’s essentially what you’re doing with your data if you’re not taking cybersecurity measures.
If you believe your small business is safe from a cyberattack, think again.
Small Business, Big Target
The Ponemon Institute, a Michigan-based group that researches data protection and info-sec policy, found that in 2018, 67 percent of small to midsized businesses (100 – 1,000 employees) had experienced a cyberattack. 58 percent reported that the attack had occurred within the last year.
According to a similar report by Cisco in 2018, 53 percent of midmarket companies have experienced a cyber breach. The report also found that 20 percent of these businesses (which the group defines as having between 250 and 499 employees) say these breaches cost them a staggering figure — between $1 million and $2.5 million.
So why are hackers even interested in small businesses? The answer is simple: small businesses are vulnerable because they don’t see themselves as targets, but there is no such thing as security by obscurity anymore. Additionally, they lack the resources that large enterprises have to protect themselves, making them highly desirable targets.
(But if companies like Target, JP Morgan Chase and Sony can’t protect themselves with armies of security professionals and fully-stocked arsenals of cyber defense tools, what chance do SMBs have against cybercriminals?)
Moreover, hackers use the systems of small companies to attack larger companies. The cyberattack on Target began with an attack on a small HVAC company.
How Did the Hackers Get In? Someone Probably Opened the Door…
Phishing schemes are a particularly common attack method. In this type of cyberassault, a bad actor sends emails designed to convince the recipient to click a malicious link or enter some type of information.
If the recipient opens an attachment or inputs personal information, they can inadvertently give the hacker access to the device. The hacker can then steal, encrypt or delete data, change or hijack functions of the machine, and monitor device activity.
Worse, if ransomware is attached to a link in the email, clicking it lets cybercriminals lock down your systems and demand payment before allowing you to regain access to your data.
Prevention, Prevention, Prevention
Attacks like these are what make it so important that businesses take every preventative measure possible to secure their data. If you have up-to-date backups, you can wipe your systems and restore everything. You might be out of commission for a few hours or days, but that’s better than the alternative of paying the ransom, which doesn’t even guarantee the safe return of your data.
Additionally, if you’re not taking preventative measures and you’re the victim of a breach, it can cost you more than cleanup and mitigation. You will likely have to pay for security upgrades, conduct audits, and spend time on myriad other things that will take time away from regular business. There’s the added risk that the attack will damage the brand’s reputation and even scare off would-be customers.
Protect Your Small Business
You can protect your company’s network by educating your employees about suspicious emails and cautioning them not to open the attachments. Moreover, it is imperative that you include some kind of security software and firewall in your systems to defend against these attacks. Every endpoint of your network needs to be protected, including all desktops, laptops, smartphones and tablets, and IoT devices: anything that has access to the network. Closely monitor every login to be certain it is legitimate. If your business deals with credit cards, follow PCI-DSS standards. In addition, consider purchasing cyber liability insurance.
You should also follow frameworks designed to help you mitigate cyberattacks. One developed by the National Institute of Standards and Technology offers best practices to help you plan for and manage the outcomes of a cyberattack.
There are many things you should be doing to protect your business, no matter its size, from cybercriminals. Don’t wait for a cyberattack to happen first; it is essential that you take steps to protect your business before any breach occurs.
If you haven’t already, we recommend you start now.