Do not believe the myth that you are too small for a cyber attack as a small business owner.
We all know the headlines of prominent organizations being attacked like Target or Facebook. However, according to ConnectWise, 55% of small and medium-sized businesses have experienced cyberattacks. With the pandemic, a lot of SMBs have moved their business online. Cybercriminals are taking advantage of that.
The cybersecurity measures such as firewalls and antivirus software that most small businesses believe will protect them are not enough anymore. With the boom of online commerce, SMBs must change their thinking from traditional physical attacks to digital ones. This adds challenge, given that they cannot see the threat and often rely solely on the same antivirus measures they always have or those they use personally.
Types of cyber attacks
Ransomware is malware that disables access to your system and data until a ransom is paid. The average ransom amount hackers ask SMBs for is $5,600. Still, if you factor in downtime, legal services, and other aspects of breach protocol, the actual cost of the entire experience could be up to 50 times more than the payment, i.e., over $250,000.
The Extortion tactic is much like blackmail, where attackers extract sensitive information and then threaten to expose it on the internet unless you pay them a certain amount.
Data theft is a tactic unlike the two above because instead of asking for a payment to get your information back, cyber criminals steal it and sell it online, usually on the black market.
Phishing is another way cybercriminals can hack into your network by posing as legitimate agencies or even heads of small businesses to other employees, sending pseudo-mails and texts to gain information, and then inject malware into networks. This is a very popular method recently, as there is a higher volume of interconnection between business networks and devices.
The “threat landscape,” as some cybersecurity professionals call it, is much more complex than it used to be, and many cyber-attacks gain a foothold without deploying malware. According to CrowdStrike’s 2020 Global Threat Report, malware-free attacks have seen a steep rise from 49% in 2018 to 60% and grow in 2020. That is over half of all businesses worldwide, meaning it is now more important than ever to take the right steps to protect your business.
Today’s modern cybercriminals are not to be underestimated. Some work together in well-funded, disciplined groups, while others prefer to go solo, but they are highly organized, specialized criminals more relentless than ever. A constant stream of new tactics is being developed, such as RaaS (ransomware as a service), a ready-made kit for cybercriminals to use malicious code that locks you out of your system.
Best practices to protect your small business
- Create security protocols and policies for all employees and third parties to follow. Train all employees and third parties (in some instances) on basic security practices, such as requiring strong passwords, changing them periodically, checking emails or attachments sent to them before fully accessing them, and regularly backing up data. Take this a step further and require of independent contractors such as freelancers as well. In some cases, they may not be as integrated into the company, but they may become a liability if they have access to your network and possibly sensitive information.
- Create a mobile device-specific security policy. As discussed, the interconnection of business networks and devices, including mobile devices (smartphones, tablets, etc.), pose security management challenges. Creating a security policy specifically tailored to mobile devices will go a long way in protecting any sensitive information that may be vulnerable. Make it a requirement that all employees password-protect their devices, encrypt their data, and install high-quality security apps to help prevent breaches while these devices are on public networks.
- Educate all employees and clients on cybersecurity. Repetition is vital for remembering, as well as staying up to date on security changes. Having a workshop, providing blog posts, and sharing cybersecurity reports will help ingrain the importance of keeping the company safe.
- Back up regularly. All data should be regularly backed up across all computers within the business. This includes word processing documents, spreadsheets, databases, financial files, HR files, accounting files, and other files.
- Install anti-malware software and partner with a reputable cybersecurity company. Installing anti-malware and a strong firewall will help protect your business against attacks. Educate employees and clients on what to look out for and how to verify emails before fully accessing them.
A global transformation, accelerated by the pandemic, is impacting every aspect of business, particularly with the accelerated rate of digitization. You need to know how to protect yourself and your business amidst this. Many companies who fall victim to these attacks we have discussed here take years if ever, to recover or close. Protect your small business today using these best practices.
Fabi Hubschmid, Chief Operating Officer and Co-Founder, Markaaz
About the author: Fabi Hubschmid is Chief Operating Officer and Co-Founder of Markaaz, the world’s first global platform to verify and connect every small business and the network of partners that support them. Hubschmid is a serial entrepreneur with international experience in the platform, construction, and intelligent cities industry with a track record of leading global and complex transformations across private and public sectors. Before co-founding Markaaz, Hubschmid was Strategic Development Officer for AXA Global Enterprise & Partnerships, Founder & CEO of the Enix Advisory, Smart Cities Instructor at Massachusetts Institute of Technology (MIT), and a member of PwC’s Global Smart Cities Team. Under the leadership of Hubschmid, the Markaaz team is developing a cybersecurity toolkit to help further SMBs understand their risks and protect their business. Hubschmid is focused on creating a positive and sustainable impact for small business owners.