Small business owners are obviously aware of the threat of cyberattacks. You read about them in newspapers or hear about them on news reports. You know of the attacks on such big companies as Yahoo, eBay, Equifax, Target Stores, JP Morgan Chase, the U.S. Office of Personnel Management, Sony Pictures, Home Depot, Adobe, and more.
However, you are not concerned because you own a small business of less than 100 employees with revenues of less than $750,000 a year. Why would a hacker want to attack you?
If you believe your small business is safe from an attack, think again.
Small Business, Big Target
Ponemon Institute, a company that researches data protection and information security policy based in Traverse City, Michigan, published the 2017 State of Cybersecurity in Small & Medium-Sized Business. It discovered that the percentage of small businesses that have been attacked was up from 55% in 2016 to 61% in 2017.
Small businesses are increasingly targeted by hackers because they are more vulnerable. Because they don’t protect their data, they are caught up in the web of attacks referred to as “spray and pray.”
Why are hackers interested in a small business? Because like large companies they have lots of data that includes personal customer information used in identity theft crimes. Moreover, hackers use the systems of small companies to attack larger companies. The cyberattack on Target began with an attack on a small HVAC company.
What’s more, such attacks are costly to the small business that experiences them. According to a Verizon’s 2017 Breach Investigation Report, “For SMBs, there’s a 90% likelihood of a single data breach costing more than $200,000, and a 10% likelihood of a single data breach costing more than $450,000.”
How Did the Hackers Get In? Someone Probably Opened the Door…
Hackers often gain access to your network via emails that include attachments that are actually malware. Also referred to as “malicious software,” malware is a file that contains a virus, worm, Trojan horse or spyware. If you open the attachment, you inadvertently give the hacker access to your device and they can steal, encrypt or delete data, change or hijack functions of the machine and monitor your activity.
Hackers also use ransomware – and advanced form of malware – attached to an email. If the attachment is opened, the ransomware contaminates the computer with a virus that encrypts data so it can’t be used. The hacker then demands – via pop up window – that the user pay a ransom to have the data returned.
If a small business backs up its data, it can ignore the attack, clean the ransomware from the computer network and start over using the backup data. If it does not back up data, the business may have no other alternative but pay the ransom. The cost of the return of the data can be as much as hundreds to thousands of dollars. Even worse, payment of the ransom can’t guarantee the return of your data.
Protect Your Small Business
You can protect your company’s network by educating your employees about suspicious emails and caution them not to open the attachments. Moreover, it is imperative that you include some kind of security software and firewall in your systems that can block or sense and clean out malware or ransomware. Every endpoint of your network needs to be protected including all desktops, laptops, smartphones and tablets, IoT devices – anything that has access to the network. Closely monitor every login to be certain it is legitimate. If your business deals with credit cards, follow PCI-DSS standards. Hire a so-called “white-hat” hacker who can periodically test your network to identify weak spots. In addition, consider purchasing cyber liability insurance.
There are so many things you should be doing to protect your business (no matter the size) from cybercriminals, and don’t wait for a cyberattack to happen first. It is essential that you take steps to protect your business prior to any breaches. We recommend you start now.