Willy Sutton, a famous US bank robber of the 1930s, was once asked why he targeted banks. He was said to reply, “Why, that’s where the money is!” In the same spirit, cyberattackers break into SMB networks for personal information ripe for identity theft or an expressway into other companies’ networks.
Although cyberattacks on SMBs are an old story, they don’t get the media attention of hacks on larger companies. Scant media coverage makes it easy for SMB managers to underestimate the chances and costs of getting hit by a cyberattack.
The reality of SMB experience provides a chilling message: Just as no company is too large for a cyberattack, no company is too small.
Trends highlight more phishing and supply chain exploits
Cyberattacks on SMBs are a real and growing problem. According to research, the percentage of small businesses that have experienced a cyberattack over the course of 12 months was 61%.
Other trends support the notion that denial of service (DoS) and other cyberattacks on SMBs are serious business. Fear of phishing has displaced concern about new forms of malware as the No. 1 SMB attack method. Supply chain attacks are more frequent. These occur when the bad guys attack an SMB supplier, vendor, or partner company to gain access to larger organizations via unprotected connections.
In a pattern like attacks on enterprise organizations, attackers keep developing new forms of malware, which keeps SMB security pros scrambling to keep pace. Finally, new technology and services enable more attacks on SMBs. Internet-connected IoT devices and cloud services continue to provide bad actors with new attack targets.
Business impact that goes beyond the bottom line
The potential business impact of SMB cyberattacks can be massive. Consider that breaches into your system can:
- Cost you big bucks, your reputation, or even your company. Of the 43 percent of reported cyberattacks that targeted SMBs, 60% of those companies went out of business within six months of the attack.
- Provide bad guys with entry to customers’ IT infrastructure. An SMB can cause significant damage to their customers and partners by being the weakest cybersecurity link. For example, a small company exposed 157 GBs of highly sensitive data from more than 100 global companies.
- Affect your business relationships. Many enterprises are choosing their vendors, suppliers, and partners by their robust, resilient IT security.
Watch out; your attitude is showing
We’ve established that SMBs are as vulnerable to cyberattacks as larger organizations. However, what makes them vulnerable to ransomware, payroll account hijacking, unauthorized wire transfers, IoT devices, and insider threats? People, technology and unhelpful attitudes.
- Most often, cyberattacks were a direct result of simple human errors. Who’s at fault? Often, it’s employees who abuse their privileged access to data and IT pros, who misconfigure network endpoints.
- With the growth of the IoT, easy-to-enter endpoints are growing like Topsy. Securing IoT endpoints increases IT ops costs. More devices mean more time and effort are needed to buy, configure, update, and monitor security equipment.
Also, many larger organizations have IT systems connected to small or mid-size businesses. When hackers compromise SMB security systems, they can then easily penetrate the defense systems of larger organizations.
- A bad case of “It can’t happen here.” Hackers know that when it comes to cybersecurity, small businesses can be complacent or in a permanent state of denial. That and the tendency to spend little to no money on improving their security infrastructure gives bad guys an easy opportunity for security exploits.
So, what can SMB IT security pros do? Quite a bit, actually.
Although there’s no guarantee of absolute protection, following these tried-and-true measures can dramatically reduce the risk of attacks and security breaches:
- Pay attention to configuration settings. Employers or IT teams must ensure that all IoT devices are set up correctly and consistently.
- Encrypt your data. Encrypting your data with software that protects sensitive information with passwords will give you peace of mind.
- Install software updates consistently and often. Your software works best when you’ve got the latest versions with the most up-to-date security. For example, make sure that your network is set to the WPA2 standard and update connections as needed.
- Make security training part of your ongoing IT operations. Inserting regular, 10-minute mini-training sessions into your staff’s work routine is a painless way to boost your staff’s security IQ.
- Develop and enforce cybersecurity procedures. Include best practices that you expect employees to follow and that keep personal, vendor, and customer information safe. Make sure that the policy describes procedures that employees must follow when a breach occurs.
- Back up and protect business information. If losing data harms your business, it deserves backup protection. Whether you back up to a storage device or a cloud-based service, keep your data safe, somewhere else than your network. Then, protect your backed-up data wherever it’s stored.
Then again, you can bite the bullet and outsource your IT security chores. Third-party security management services aren’t cheap. Only you know if the expected value of a breach or DoS attack makes managed services a good alternative for your business.