Cybercriminals Are Targeting Small Businesses That Don't Take Cybersecurity Seriously
Could your business recover from an abrupt loss of $256,000? Because that’s how much a single cybersecurity hack could cost a small business, according to a recent analysis in TechRepublic.
We’re barely halfway through 2017 and already this year has seen a huge spike in major cybersecurity attacks. Ransomware infections attacked the US pharmaceutical company Merck and the Danish shipping company Maersk. There have been viral, state-sponsored ransomware leaks of US spy agencies and a ransomware attack that crippled NHS hospitals and emergency rooms in the UK. Enigma Software, the makers of the SpyHunter anti-malware program, found there were more than 1.5 million infections detected in the first half of 2017, and the number could be even higher in the second half of the year.
Major hacks, ransomware and phishing are all on the rise. Yet many small business owners continue to mistakenly believe their company won’t be a target.
As a small business owner myself, I’ve fallen into this thinking before, too. It’s tempting to think cyber attacks won’t happen to your business because your company is too small or inconsequential to matter to attackers. Cyber attackers target the big corporations of the world like Merck and Maersk, not small businesses that employ just a handful of people, right?
Not so fast. Small businesses are just as likely to be the victim of cyber attacks as large corporations -- we’re just less likely to hear about these attacks.
Think about it: an attack that cripples the UK’s public health system and emergency rooms is international news. An attack on a small business with 50 employees won’t make headlines anywhere. We fall victim to our own confirmation bias: if we don’t hear about it happening, we assume it isn’t. That’s dangerous thinking for a small business. While large corporations can bounce back from cyber attacks, it’s much more difficult for small businesses to recover. Could your business recover from a breach that costs upwards of $250,000 and potentially devastates client trust should confidential information be leaked?
Don’t wait until it's too late to take action. Know the threats and assess your risks.
Malware infections can come in many forms, including adware, spyware and ransomware, which locks critical files and holds these files “hostage” until a ransom is paid. Without appropriate restrictions at work, employees may unknowingly download one of these programs, jeopardizing both their own computer and company-wide security.
An estimated 4 percent of all mobile devices are already infected with malware, affecting not only the device owners but also their employers.
Hackers can use social media and workplace emails to bypass network defenses and gain access using compromised employee credentials.
Do employees bring their own devices to work?
Bring Your Own Device (BYOD) culture is in full swing, with employees using their own smartphones, tablets and sometimes even their personal computers for company work. While many companies decide the benefits (increased productivity, lower hardware costs) outweigh the risks (hackers and viruses), your business still needs a company-wide policy that regulates what data employees can access and what happens if an employee’s device is lost, stolen or compromised.
What type of authentication system is used to access cloud-based data? Antiquated systems could leave your company vulnerable to hacks and intrusion.
Are your systems protected?
With large corporations beefing up their enterprise security, hackers are turning to vulnerable small businesses. Hackers can use tools to search for unprotected networks and computers. Once a computer is identified, the hacker will then take over the computer and use it to launch a full attack on the network.
Once you understand the threats and have assessed your vulnerabilities, take these steps to protect yourself.
Technology threats change quickly and employee training must keep pace. Commit to keeping employees up to date on your company’s security policies. Codify these policies and require employee signatures to confirm understanding and enforce compliance.
At a minimum, all company computers should be protected by a hardware or software firewall, as well as anti-virus and anti-spyware programs. If your company is shifting data storage to the cloud, assess and update existing security protocols. Do you use company Wi-Fi? A virtual private network (VPN) is a more secure option for accessing your company’s network.
Bring in the experts.
Most small businesses can’t afford to keep a full-time cybersecurity expert on staff. One option is to bring in a specialized contractor on a project basis. Your company can tap into expert talent for more complex cybersecurity threats, like cloud-based security protocols, without paying steep fees for a full-time expert.
Bottom line: 2017 is a critical inflexion point for cybersecurity. Small business owners can no longer assume that they won't be targeted or that installing an anti-virus software program on a desktop computer is sufficient. Taking steps now to identify and shore up vulnerabilities can save your business from a full-on cyber disaster.