Do not believe the myth that as a small business owner you are too small for a cyber-attack. We all know the headlines of large organizations being attacked like Target or Facebook. However, according to ConnectWise 55% of small and medium sized businesses have experienced a cyber-attack. With the pandemic, a lot of SMBs have moved their business online. Cyber criminals are taking advantage of that.
The cybersecurity measures such as firewalls and antivirus software that most small businesses believe will protect them just are not enough anymore. With the boom of online commerce, SMBs must change their thinking from traditional physical attacks to digital ones. This adds challenge, given that they cannot see the threat and often rely solely on the same antivirus measures they always have or those they use personally.
Types of Cyber Attacks
Ransomware is a type of malware that disables access to your system and data until a ransom is paid. The average ransom amount hackers ask SMBs for is $5,600, but if you factor in downtime, legal services, and other aspects of breach protocol, the actual cost of the entire experience could be up to 50 times more than the payment, i.e., over $250,000.
The Extortion tactic is much like black mail, where attackers extract sensitive information and then threaten to expose it on the internet unless you pay them a certain amount.
Data theft is a tactic unlike the two above, because instead of asking for a payment to get your information back, the cyber criminals just steal it and sell it online, usually on the black market.
Phishing is another way cyber criminals can hack into your network, by posing as legitimate agencies or even heads of small businesses to other employees, sending pseudo-mails and texts to gain information and then inject malware into networks. This has been found to be a very popular method recently, as there is a higher volume of interconnection between business networks and devices.
The “threat landscape” as some cybersecurity professionals call it, is much more complex than it used to be, and many cyber-attacks gain a foothold without deploying malware at all. According to CrowdStrike’s 2020 Global Threat Report, malware-free attacks have seen a steep rise from 49% in 2018 to 60% and growing in 2020. That is over half of all businesses around the world, meaning it is now more important than ever to take the right steps in protecting your business.
Today’s modern cyber criminals are not to be underestimated. Some work together in well-funded, disciplined groups, while others prefer to go solo, but they are highly organized, specialized criminals more relentless than ever. There is a constant stream of new tactics being developed, such as RaaS (ransomware as a service), which is a ready-made kit for cybercriminals to use malicious code that locks you out of your system.
Best Practices to Protect Your Small Business
- Create security protocols and policies for all employees and third parties to follow. Train all employees and even third parties (in certain cases) on basic security practices, such as requiring strong passwords, changing these passwords periodically, checking emails or attachments sent to them before fully accessing them, and regularly backing up data. Take this a step further and require this of independent contractors such as freelancers as well. In some cases, they may not be as integrated into the company, but if they have access to your network and possible sensitive information, they may become a liability.
- Create a mobile device specific security policy. As discussed, the interconnection of business networks and devices, including mobile devices (smartphones, tablets, etc.) pose security management challenges. Creating a security policy specifically tailored to mobile devices will go a long way in protecting any sensitive information that may be vulnerable. Make it a requirement that all employees password-protect their devices, encrypt their data, and install high quality security apps to help prevent breaches while these devices are on public networks.
- Educate all employees and clients on cybersecurity. Repetition is key for remembering, as well as staying up to date on security changes. Having a workshop, providing blog posts, and sharing cybersecurity reports will help ingrain the importance of keeping the company safe.
- Back up regularly. All data should be regularly backed up across all computers within the business. This includes word processing documents, spreadsheets, databases, financial files, HR files, accounting files and other files.
- Install anti-malware software and partner with a reputable cybersecurity company. Installing anti-malware and a strong firewall will help protect your business against attacks, but make sure to educate employees and clients on what to look out for and how to verify emails before fully accessing them.
There is a global transformation, accelerated by the pandemic, that is impacting every aspect of business, particularly in the accelerated rate of digitization. You need to know how to protect yourself and your business, amidst this. Many businesses who fall victim to these attacks we have discussed here, take years, if ever, to recover, or they simply close. Protect your small business today using these best practices.
Fabi Hubschmid, Chief Operating Officer and Co-Founder
About the author: Fabi Hubschmid is Chief Operating Officer and Co-Founder of Markaaz, the world’s first global platform to verify and connect every small business on the planet and the network of partners that support them. Hubschmid is a serial entrepreneur with global experience in the platform, construction, and smart cities industry with a track record of leading global and complex transformations across private and public sectors. Prior to co-founding Markaaz, Hubschmid was Strategic Development Officer for AXA Global Enterprise & Partnerships, Founder & CEO of the Enix Advisory, Smart Cities Instructor at Massachusetts Institute of Technology (MIT), and a member of PwC’s Global Smart Cities Team. Under the leadership of Hubschmid, the Markaaz team is developing a cybersecurity toolkit to further help SMBs understand their risks and protect their business. Hubschmid is focused on creating positive and sustainable impact for small business owners.