Advancements in cloud technologies and software as a service over the last five years have proven to be a boon for small businesses, enabling them to deliver sophisticated customer experiences and services that mean even a sole proprietorship can operate on a global scale.
Today in the U.S. alone, there are 30.2 million small businesses, which make up 99.9% of all businesses in the country. The internet has become a key competitive advantage for small businesses, and these companies have the benefit of implementing technology quickly, as they typically arent working with vast systems or legacy architecture.
As helpful as the internet has been, however, it also has a dark side, leaving small businesses highly vulnerable to cybercrime. Unlike their large corporate counterparts, small and midsize businesses (SMBs) dont typically have the necessary infrastructure, trained personnel or protection measures in place to safeguard against a cyberattack.
Can a cyberattack happen to you?
Here is the sobering truth: It is not a matter of if you will be impacted by cybercrime, but when. Its a common misconception to believe that as a small business, you arent attractive to cybercriminals. This couldnt be further from the truth.
In 2018, 58% of all cybercrime victims were small businesses, according to a report from Verizon,and only 14% of those were adequately prepared to defend themselves. The average cost of a cyberattack for a small business is $200,000, more money than many can afford to pay. In fact, insurance carrier Hiscox says because of the high cost of cyberattacks, 60% of small companies go out of business within six months of being victimized.
Despite the 66% of small businesses who say they are concerned about cybersecurity, SMBs tend to fall short in a myriad of areas that leave them vulnerable to attack. Areas of weakness include failing to have a cyber safety strategy, failing to have an individual responsible for cybersecurity, failing to properly train employees on ways to help avoid or mitigate an attack and failing to maintain proper insurance against cyber risks, particularly a policy dedicated to cyberattacks.
It is true that small businesses may be less likely to face an advanced persistent threat (APT) or a highly targeted attack; however, they are prime targets for broader-based "trawl net" attacks. Ransomware is perhaps the most pernicious threat faced by small businesses, which, like its name suggests, is marked by an attacker stealing and/or encrypting data files and demanding a ransom of some sort to restore them.
Hackers know that most small businesses offer rich resources to mine, including highly sensitive customer data, and they also know the likelihood of encountering sophisticated security protections is minimal.
How will a cyberattack happen?
Believe it or not, the weakest links in your cybersecurity are your employees. Most attacks first initiate through phishing, a proactive attempt by would-be hackers to get you to share personal details like passwords, logins and other information through unsolicited emails or other forms of contact. If an employee mistakenly opens one of these emails, clicks on a malicious link or shares personal data with a cybercriminal, the entire company can quickly and easily be compromised.
Most security efforts made by SMBs are nominal at best. Small companies operate lean budgets, and cybersecurity products arent always high on the list of priorities. This means that many organizations make do with consumer-grade, or even free, cybersecurity products. These dont scratch the surface of what you need to protect your business. They are not centrally managed, and they dont offer sufficient protection.
Another issue for small businesses is adequate IT support. Large companies have specialists at their disposal who understand cybersecurity, which is different than just having a general IT background. This is an expense most small businesses cant afford, and the IT staff they do use tend to have limited knowledge -- if any -- about how to navigate cybersecurity and how to stay up to date on the latest risks and vulnerabilities.
So what can you do?
Most importantly, change your mindset. Assume that a cyberattack is a likely event for your company, whether targeted or random.
Next, prepare. Start with your staff. First, limit access for employees to only the data and applications required to do their jobs. Next, train them on awareness and practices and keep that education up to date. Share the latest trends in attacks and fraud. Consider drills or exercises that give employees a chance to act before an actual attack happens.
Deploy security products that are specifically designed to meet the needs of small businesses. This includes a firewall that can monitor network traffic based on predetermined security rules and provide a barrier between your network and the Wild West of the internet. It also includes a virtual private network (VPN) that can connect you and your employees safely when youre away from the main company network. Other low-cost tools like multifactor authentication, cyber analytics tools and ongoing vulnerability testing can prove helpful.
Ensure that all of your companys devices are running endpoint anti-malware software. This is your last line of defense against potential attacks including phishing, viruses and the like. Run endpoint software that is centrally managed, preferably through the cloud. This ensures that all of your companys devices are continually protected and updated against the latest threats, that you have complete visibility into your endpoint security posture and that you (or your IT provider) can be rapidly alerted if and when problems arise.
Finally, consider a managed security service that can provide all of the above without requiring you or your employees to become cyber experts. These services can be highly cost-effective, especially when considering the time and peace of mind saved.
If a cyberattack happens to you, do something. Surprisingly, 65% of all small businesses simply ignore a cybersecurity incident. Double down on your cyber protection, and communicate effectively with employees and customers. Never ignore an attack. Instead, learn where your vulnerabilities are, and work to fix them.
Read the original:
Will Your Small Business Withstand A Cyberattack? - Forbes