It’s a commonly held theory that employees are the weak link in corporate cybersecurity. But what about small businesses? Surely cybercriminals aren’t as interested in them, are they?
According to a June 2017 article on Business News Daily, small businesses are just as at risk for cyberattacks as larger companies. That’s the word from a report by Keeper Security and the Ponemon Institute, stating that 50% of small businesses have been breached in the past 12 months.
Why Are Small Businesses Targeted by Hackers?
Usually, you only hear of breaches at large corporations such as Target and Home Depot. But that doesn’t mean small businesses aren’t attractive targets for hackers. In fact, the antivirus software company ESET said that “small businesses fall into hackers’ cybersecurity sweet spot.” That’s likely because they have more digital assets to target than an individual consumer, but less security than a larger organization.
Another reason small businesses appeal to hackers is that they are generally less careful about security. And unfortunately, a Towergate Insurance infographic shows that 82% of small business owners think they’re not targets for attacks because they don’t have anything worth stealing.
They’re wrong. In nearly all cases, the goal of a cyberattack is to steal and exploit sensitive data (customer credit info, personal credentials, etc.), whether it’s through phishing, malware, ransomware or insider attacks. That means ALL businesses are at risk, and the risks are growing. According to Forbes, cybercrime will cost an estimated $6 trillion per year on average through 2021.
Cyberattacks can bring potentially disastrous consequences, including the loss of investor or shareholder trust, damaged reputation, loss of data, and cost of recovery.
“Companies, both small and large, should expect cyberattack attempts. There should be active safeguards and strong protections in place.”
There are basic security software solutions that should not be overlooked, each offering varying levels of protection. Antivirus software, for example, is the most common and defends against most types of malware.
Firewalls can be applied via hardware or software. They provide added protection by preventing unauthorized users from accessing a computer or network. Some computer operating systems (e.g., Microsoft Windows) come with built-in firewalls. They can also be added separately to routers and servers.
It’s suggested that businesses also invest in a data backup solution. That way, information compromised during a breach can be recovered from an alternate location.
Encryption software protects sensitive data like employee records, client/customer information, and financial statements. Two-step authentication or password-security software reduces the likelihood of password cracking.
Business News Daily points out that there’s no one-size-fits-all security solution, so it might be worth your time to run a risk assessment test to determine vulnerabilities.
Security Best Practices
So where do you start when you want to protect your business and its data? The following best practices will go a long way in keeping your company as safe as possible:
1. Keep software up to date – “An outdated computer is more prone to crashes, security holes and cyberattacks than one that’s been fully patched.” Hackers constantly scan for security vulnerabilities, so if you let weaknesses slide by for too long, you’re just inviting hackers to target your business and data.
2. Educate employees – According to Harvard Business Review, employees are the weak link in corporate cybersecurity. But they are also the best defense if given policies that are easy to follow and not too complex. Employee security training needs to be user-friendly and simple to be effective.
Make your employees aware of how cybercriminals infiltrate networks and business systems and teach them how to recognize signs of a breach. Employees should also be educated on how to stay safe while using your company network.
3. Implement security policies – Siber Systems points out that having company-wide security policies in place will help reduce your likelihood of an attack. They advise the use of strong passwords (with upper and lowercase letters, numbers and symbols) that must be changed every 60 to 90 days.
4. Review & practice your incident response plan – It’s recommended that you not only have an incident response plan in place but that you review and practice it frequently enough that your staff can detect and contain breaches quickly should an incident occur.
Ultimately, suggests IBM, “The best thing you can do for your business is to have a security-first mentality.” Small businesses shouldn’t assume that because of their size they are exempt from cyber attack.
“The threat of cyber attacks is ever-present and isn’t going away. Methods are becoming more sophisticated and ever-increasing connectivity means there are more opportunities for cyber criminals than ever.
“The risks to businesses are severe: a cyber-attack can impact your bottom line, your reputation and even your ability to continue operating.
“There’s plenty you can do to insulate yourself against the risk, and the most dangerous course of action would be to disregard the threat. Consult a professional, ensure your staff understand security best-practices, make sure that your company’s most important assets are safeguarded and have a plan in place for responding to any breaches.”
Source: Towergate Insurance