Small business is big business for cybercriminals. Almost half of all cyberattacks are against small businesses. Why? Hackers exploit vulnerabilities for financial gain, and small businesses are extremely vulnerable. In the past 12 months, attacks against small businesses rose 424%.
Although cyberattacks at large corporations are highly publicized, they are typically the result of months of hard work focused on penetrating a company’s cyber defences. Small- to mid-sized companies present much easier targets. For example,
That means hackers have much better odds of realizing a return on investment at a small organization. The average cost to a small business is around $385,000 (US) for the breach itself. Those dollars do not include the financial losses that occur months after the compromise has been contained. Cybercriminals can work on a large breach for up to 9 months, or they can compromise about 13 smaller organizations during the same period. The odds of a payout are much higher for the 13 small businesses with minimal security.
That’s why small businesses cannot ignore cybersecurity. The compromise is not so much about what you have as it is about how easy it is to steal it.
In the physical world, businesses have offices with locked doors and security systems. They want to limit the opportunities for a crime to occur. Cybersecurity serves the same function in the virtual world. If companies do not strengthen their cybersecurity defences, it is like leaving a window open in the physical world. The rest of the security measures are useless.
What can small businesses with limited time, money, and resources do to protect their digital assets?
Network monitoring identifies attempted cyberattacks. By watching network traffic, companies can identify suspicious or unusual activity. They can investigate those attempts to determine if vulnerabilities exist and proactively strengthen their weaknesses.
Potential vulnerabilities are increasing. Every device connected to a network is an access point that is available for exploitation. The “smart” devices such as sensors, internet-enabled printers, or cameras vary when it comes to security because there’s no standard for IoT devices. When a company allows third-party devices such as phones or laptops to connect to the network, it adds another access point that must be secured.
Network capabilities are more than checking performance. IT personnel need to understand how to set up networks to limit remote access to properly vetted connections. Without comprehensive configuration and monitoring, organizations may unintentionally leave a window open.
Employee education has never been more important. Over 90% of all cyberattacks are the result of human error. People share credentials or use weak passwords. Employees click on links without thinking, or someone misconfigures a firewall. Educating staff on what to look for and why strong credentialing is vital can go a long way to improving overall security.
Most people are aware of ransomware and phishing attacks, but there’s much more to today’s world of cybercrime.
Many organizations have never heard of business email compromises (BEC) or know how to detect them. Yet, BEC cost businesses over $26 billion in actual and attempted losses. For small businesses that make and accept payments electronically, BEC is a growing cyber threat.
In a BEC attack, hackers mimic valid vendors to trick employees into wiring money to a fake account. Once the money transfers, the individuals distribute the funds over a number of offshore banks, making it impossible to recover. By make employees aware of how BEC emails are used, companies can help minimize potential losses.
Business continuity plans help organizations stay in operation even when disaster strikes. Although most people think of disasters in terms of hurricanes, blizzards, or tornadoes, disasters include cybersecurity compromises. The average cost of a data breach for small-to-mid-sized organizations is about $200,000. Of those businesses that were hit with a cyberattack, 60% of small companies went out of business within six months.
Financial losses extend beyond the breach itself. For example, an IBM report found that the average cost of a significant data breach is $3.9 million. That may include the cost of legal and regulatory assistance. IBM also factored the following costs into the overall compromise:
Business with up-to-date plans can reduce their overall financial losses by having a business continuity plan that clearly outlines what assets to secure and how to respond.
Yes, cybersecurity takes time, money, and resources, but the alternatives much worse. Not only is there the immediate impact of downtime and potential fines and penalties, but there is also the long-term effects of lost business and a damaged reputation. Knowing that over half of all small companies go out of business within six months of a compromise means jeopardizing your organization’s survival by not investing in its cybersecurity.
Finding qualified IT applicants is another hurdle that businesses have to confront. Millions of cybersecurity jobs go unfilled every year. As the demand for cybersecurity skills continues to grow, so will the number of open positions. The world is simply not producing enough cybersecurity specialists to meet the demand. As a result, the cost per technical employee will only grow.
An alternative in the Kingston-Brockville area of Ontario is OnServe, a managed IT service provider. The company has advanced security capabilities that can help keep your data protected. In Eastern Ontario, Canada, we can help organizations stay in compliance with set regulations as well as improving overall performance. We can become your IT partner, leaving you to do what you do best –running your business. Why not schedule a cybersecurity assessment today? As a small business, you can’t afford to ignore your cybersecurity.