Small business owners may think that cybersecurity is an issue that only larger enterprises need to be concerned about. A small business owner may believe that they do not have any information that would be of interest to cyber criminals. Nothing could be further from the truth.
While statistics show that cyber criminals are targeting small businesses less in the wake of the COVID-19 pandemic and shifting their focus to large corporations, critical infrastructure, and governments, small businesses are still victims of cyber attacks. Many of the techniques cyber criminals are using to attack large organizations pose a risk to small and medium-sized businesses.
How much does a cyber attack cost your business?
Let’s start by talking about money. In the world of business, money rules everything. A new study from Ponemon Institute estimated that insider-related cyber incidents cost each victimized small to medium-sized business $7.68 million on average.
The cost varied based on the size of the organization being attacked and on the attack itself. However, the above-mentioned number is the average spent by small businesses per incident. We are not talking about mega corporations. We are talking about businesses that have fewer than 500 employees.
It’s easy to see why a small business that falls victim to a cyberattack may need to close its doors. Seeing these numbers has moved many small businesses to think about implementing cybersecurity defence plans, ranging from installing a VPN service that has strong encryption and a no-logging policy to more complicated network protection.
More than 40 percent do not have cybersecurity defence plans
Many small business owners feel that implementing a comprehensive cybersecurity defence plan is too expensive or too time-consuming. The other side could argue that the cost of cybersecurity pales when compared to the cost of just one security breach.
That’s why many find it surprising that over 40 percent of small to medium-sized businesses do not have a cybersecurity defence plan. Considering what is at risk, it’s fair to say that businesses that ignore cybersecurity are being reckless. They are putting their reputation, their personal data, and the personal data of their employees, clients, and customers at risk.
Cybersecurity threats are on the rise. True, cybersecurity does not make a small business immune to being victimized by cyber criminals. But it makes it harder for cyber criminals to go about their work, and it might dissuade lazy criminals looking for easy targets.
You need to remember that small businesses rarely have the large trove of data that vast enterprises have. What makes them enticing to criminals is not necessarily the value they offer but that they are a soft target. Cyber criminals understand that small businesses are not prioritising security. But it only takes one attack to cripple a business.
The recklessness of small businesses that do not prioritize cybersecurity can be seen by comparing them to a homeowner in a high-crime area. A conscientious homeowner is going to put bars on the windows, reinforce the locks on the doors, install a security alarm, and maybe even install a closed-circuit TV security system.
A reckless individual in the same neighbourhood is going to forgo cameras, bars, a security system, and alarms. They may not lock the door at night, or may even leave the door wide open. This is the same thing that small businesses do if they are overconfident about their safety and do not prioritise cybersecurity.
How small businesses can take cybersecurity more seriously
It starts with recognizing that they are potential targets. Broadband and IT are what allow small businesses to increase their productivity. This is also what makes them potentially vulnerable to cyber attacks.
Train employees on cybersecurity
Cybersecurity starts with employees. They can be the weakest link or the strongest deterrent. Small and medium-sized businesses must establish security policies for employees. This includes requiring strong passwords. Internet guidelines must be enforced, and there must be actionable penalties for violations. Rules of behaviour should be written and frequently reviewed on how to protect customer information and data.
Protect devices, networks, and information
Once people have been trained, the next step is keeping machines clean. All devices that connect to your network should have up-to-date security software, web browsers, and operating systems. This is the best way to defend against viruses and malware that exploit vulnerabilities in outdated software. Every time software gets updated, a virus scan should be run to ensure that updates do not contain any dangerous software.
Use a VPN
Using a VPN is one of the best ways to protect small or medium-sized businesses from a cyber-attack. VPNs create encrypted tunnels that allow information to be sent in a secure and encrypted way. VPNs prevent information from being intercepted. If by some miracle of technology data is intercepted, whoever intercepts it cannot decrypt it.
Create a backup
Good cybersecurity not only prevents an attack from happening, but it also lays out a strategy or a plan of action if an attack is successful. If your website’s important business documents, data, and information are regularly backed up on all computers, then after a successful cyber-attack everything can be wiped and restored with little to no downtime. Backups should be stored off-site or in the cloud.
There are other steps that you can take, including controlling physical access to network-connected devices. Unauthorized people should not be able to log in to or access laptops. When laptops are unattended, they should be locked up. Each employee should have their own account.
Another step is to keep your Wi-Fi secure. The network should be encrypted and hidden. Information should be compartmentalized. Employees should only have access to information that they need. They should not be able to install software without permission. Passwords and authentication should be changed every couple of months. And small businesses may want to consider implementing multi-factor authentication.
Cyber criminals and cybersecurity threats will not go away soon. Small businesses have not been and will not be immune to these threats. It is up to a small business owner to train their employees, protect their computers and networks, back up important business data, limit access to computers, and use strong passwords and authentication to protect their business from cyber attacks.