A single cybersecurity hack could cost, in a small business, a loss of $256,000 according to a recent analysis in Tech Republic. This year has seen a huge spike in major cybersecurity attacks. Enigma Software, the makers of the SpyHunter anti-malware program, found there were more than 1.5 million infections detected in the first half of 2017, and the number could be even higher in the end of the year.
Major hacks, ransomware and phishing are all on the rise. Yet many small business owners continue to mistakenly believe their company won’t be a target. It’s tempting to think that cyber-attacks won’t happen to your business because your company is too small or inconsequential to matter to hackers. It’s in the common sense that cyber attackers target the big corporations of the world and not small businesses that employee just a handful of people.
But seen the facts, small businesses are just as likely to be the victim of cyber attacks as large corporations. Simply, an attack on a small business with 50 employees won’t make headlines anywhere. We fall victim to our own confirmation bias: if we don’t hear about it happening, we assume it isn’t. That’s dangerous thinking for a small business. While large corporations can bounce back from cyber attacks, it’s much more difficult for small businesses to recover. Could your business recover from a breach that costs upwards of $250,000 and potentially devastates client trust should confidential information be leaked? Don’t wait until it’s too late to take action.
Know the threats and assess your risks:
- Malware infections: Malware infections can come in many forms, including adware, spyware and ransomware, which locks critical files and holds these files “hostage” until a ransom is paid. Without appropriate restrictions at work, employees may unknowingly download one of these programs, jeopardizing both their own computer and company-wide security.
- Mobile devices: An estimated 4% of all mobile devices are already infected with malware, not only impacting the device owner but also employers.
- Credential threats: Hackers can use social media and workplace emails to bypass network defenses and gain access using compromised employee credentials.
Are your systems protected?
With large corporations beefing up their enterprise security, hackers are turning to vulnerable small businesses. Hackers can use tools to search for unprotected networks and computers. Once a computer is identified, the hacker will then take over the computer and use it to launch a full attack on the network.
Bring Your Own Device (BYOD) culture is in full swing, with employees using their own smartphones, tablets and sometimes even their personal computers for company work. While many companies decide the benefits (increased productivity, lower hardware costs) outweigh the risks (hackers and viruses), your business still needs a company-wide policy that regulates what data employees can access and what happens if an employee’s device is lost, stolen or compromised. Antiquated systems could leave your company vulnerable to hacks and intrusion.
It needs to take some steps to protect a business:
Educate: Technology threats change quickly and employee training must keep pace. Commit to keeping employees up to date on your company’s security policies. Codify these policies and require employee signatures to confirm understanding and enforce compliance.
Protect: At a minimum, all company computers should be protected by a hardware or software firewall, as well as anti-virus and anti-spyware programs. If your company is shifting data storage to the cloud, assess and update existing security protocols. A virtual private network (VPN) is a more secure option for accessing your company’s network.
Bring in the experts: Most small businesses can’t afford to keep a full-time cybersecurity expert on staff. One option is to bring in a specialized contractor on a project basis. Your company can tap into expert talent for more complex cybersecurity threats, like cloud-based security protocols, without paying steep fees for a full-time expert.
2017 is a critical inflexion point for cybersecurity. Small business owners can no longer assume that they won’t be targeted or that installing an anti-virus software program on a desktop computer is sufficient. Taking steps now to identify and shore up vulnerabilities can save your business from a full-on cyber disaster.
References: Mark Smith, The Guardian, https://www.theguardian.com/small-business-network/2016/feb/08/huge-rise-hack-attacks-cyber-criminals-target-small-businesses.