The exact numbers vary, but cybersecurity experts are in agreement that small businesses are one of the most popular targets for cyberattacks.
43% of data breach victims are small businesses, according to Verizon’s 2019 Data Breach Investigation Report. A 2018 report from Hiscox revealed that 47% of small businesses had experienced data breaches in the past year, with almost half of those businesses reporting more than one breach. ESET Senior Security Researcher Stephen Cobb says that over 70% of security breaches target small businesses.
Despite cybercriminals’ overwhelming preference for small business targets, Hiscox also found that only 52% of small businesses have a clearly defined cybersecurity strategy, even though a proactive strategy is the best defense. By the time there’s a breach, the damage has often already been done: data misused, ransomware spread, viruses unleashed.
The estimated direct cost of this havoc for a small business is around $34,600. And that doesn’t include lost customers, recovering from the outbreak, or workplace distractions that come from a cyberattack.
OK, now I’m sufficiently concerned, thanks.
You’re welcome. You should be! And you’re not alone. Hiscox found that even though many small businesses are unprepared, around 66% of them are seriously concerned about cybersecurity.
Why are none of them prepared, then?
The truth of the matter is that small businesses underestimate their risk. It seems logical that cybercriminals would have bigger fish to fry. After all, breaches featuring big corporations are the ones that make the news. Small businesses, however, are just as likely to have personal data to plunder, with a fraction of the security protocols in place.
Andreas Rivera of Business News Daily refers to this as the “sweet spot” for hackers, with “more digital assets than an individual consumer but less security of a larger enterprise.
Shaking the target off your back
A comprehensive cybersecurity program isn’t built in a day. It takes considerable time and investment of executives and employees alike, but the processes are well worth the trouble they save. As you work on your cybersecurity protocol, here are a few things you can do sooner rather than later to reduce your risk.
1. Risk assessment
It may seem like a no-brainer, but with technologies ever-expanding, cybercriminals are likely to find the holes in your system before updates and patches do. Stephen Cobb suggests making a list of all the computer systems and services your business uses, because “if you don’t know what you have, you can’t protect it.” He recommends including any mobile devices that you and your employees may use to access company information.
Cybersecurity audits are definitely worth hiring outside help if needed. Alternatively, there are several free online security classes and guides that can enable you to better assess not only what security measures you lack, but also the ones that you (hopefully) already have in place.
2. Spread awareness
This doesn’t refer to our 21st-century version of awareness that comes from video challenges or celebrity tweets, but rather genuinely training employees to recognize basic cybersecurity threats. While our vision of cybercriminal is usually a mastermind operating out of a basement, it turns out that the majority of small business breaches can be traced back to employees and emails.
Sean Allen, digital marketing manager at Aware, says that if small businesses spent even just one hour spent training staff on “basic internet hygiene” such as “spotting phishing e-mails, good browsing practices, not downloading suspicious files or clicking links,” then cybersecurity would improve drastically.
3. Check your passwords
One of the easiest ways to improve cybersecurity in both personal and business life is to use more complex passwords. That means your information would also be more secure using different passwords from different apps so that if one account is compromised, the rest of your accounts don’t get hacked too.
It seems like a chore, but constructing complex passwords, and even changing them regularly, immediately reduces the chances of a cyberattack.
4. Multifactor authentication
To be honest, the first few messages in my inbox right now are from various accounts verifying my identity. And tomorrow, they’ll have to send security codes once again in order for me to access them. And not because I forgot my very responsible and secure passwords. This is the reality of multifactor authentication.
In cases of multifactor authentication, there is not only a password in place, but users must also enter a security key sent to their phones, or a hardware key. This adds another layer of protection that not only makes your inbox appear extra popular but also fends off security threats. Look for this in the products and services your business decides to use, and know that the time spent entering that extra code is much less costly than a data breach.
Reinforce those defenses!
Cybercrime is out there, and it hasn’t limited its prey to the big-box competition. Small businesses are the perfect combination of valuable data and lower defenses, just begging to be breached. Take the time to develop a cybersecurity plan, and invest in it long-term since technology is only getting wiser. In the meantime, take the small steps that you can to reinforce your small businesses’ defenses against cybersecurity threats.