You’ve spent years getting your business up and running, marketing your product or service, and gaining faithful customers. Your small business is everything you had wanted, hoped, and dreamed. There are 28.8 million small businesses in the US and they account for 99.7% of all businesses. Small businesses are the backbone of our economy. These businesses are also (often unknowingly) directly in the crosshairs of malicious hackers and cyber attacks.
Many small businesses are under the impression that they are not the target of hackers and that they are mostly immune to experiencing a data breach. They simply believe they don’t have anything that a hacker would want, which is far from the truth.
Small to Medium Businesses – the New Target for Threats
Despite a rise in cyber attacks, many small businesses still believe that they won’t be the target of a malicious attack. The reality is worse than business leaders choose to believe:
- Negligent employees are the #1 root cause behind data breaches
- 50% of small businesses are targets for ransomware
- The damage to businesses when hit by ransomware is over $1 million
But why would hackers want to target small businesses? We have seen the rise in malicious attacks and data breaches covered in the news, especially related to large corporations – Target, JP Morgan & Chase, Home Depot, Sony, HBO, and most recently Equifax. These obviously get the most attention because each instance can affect millions of customers.
While large corporations get the major news coverage and negative publicity when their data is compromised, hackers are focusing more and more on SMBs for several reasons:
- SMBs may not have the security protection resources that larger companies can afford
- Many SMBs will pay out ransomware demands
- SMBs can sometimes be a gateway into other businesses, regardless of size
- It’s easier to hack into a SMB than an enterprise
According to the State of the SMB Cybersecurity Report back in 2016, 14 million SMBs were breached by hackers. Yet most SMB owners don’t believe they would ever be targeted (a whopping 87% of them believe this), are unconcerned about hackers, cyber criminals, or employees stealing data (66%), and believe a data breach wouldn’t affect their business (47%).
Here's a sobering fact - 70% of businesses will go out of business after a major data loss.
Everything that you have worked for could literally slip through your fingers with the click of a mouse on a suspicious link.
What SMBs Can Do
As an SMB owner, if you haven’t given much thought to security or cyber attacks, then you absolutely need to. Immediately. The cyber security landscape is no longer about ifyour business will be a target, but when. The precautions you take as a business leader, especially related to client or customer data that might be compromised, can make or break your business.
What can SMBs do to help protect themselves and their customer data and information, especially when they don’t have the same capital or resources large enterprise companies have? Here are three ways to start:
#1. Beef Up Your Security – the first step in protecting your business is to make sure you have security protection set up in the first place. Set up a firewall on your network, ensure you have quality security software in place, and use hard to crack passwords. These are basic steps, but also key in keeping attackers out. If your budget permits, work with a trusted IT security partner, like InfoSystems, to actively monitor and manage your IT security.
#2. Plan Out Your Security – sort of a "point one, part B" should be putting a formal security policy and plan in place. It doesn’t have to be an enterprise-level plan (unless you want it to be), but it should cover any security risks that you expect employees to be exposed to, such as social media, email phishing scams, and employee-owned devices (see point 3 below).
#3. Train Your Employees (and Yourself) – this might be the simplest and easiest step. As stated earlier, the biggest data breaches that happen are due to employee accidents or negligence. We have an entire blog post dedicated to the topic of understanding how internal risks are sometimes more harmful than external ones [link to blog]. Checking Facebook, using a personal device to access applications or company data, or clicking on suspicious emails can all be entry points for hackers. A solid defense will always include employee education.
Passwords are, for now, the most common way to protect ourselves and accounts online. They are also the most common ways hackers are able to gain access to sensitive information. Even the creator of the modern ‘strong password’ – where we needed a special character and at least one number – is regretting the tips he gave. Why? Because it pushed all of us to become lazy about managing our passwords. Who hasn’t just changed a previous password by adding in a !, ?, or 123 to avoid the hassle of remembering something completely different?
Security is a crucial aspect for any business, large or small. Small and mid-sized business owners and leaders should take the same approach to security as their larger counterparts, by ensuring data and personal information is protected and secure. The best way to accomplish this is by getting help from an IT partner, like InfoSystems.
We can provide a complete security assessment and address all of the potential issues. Get started now.