Many SMB (small and midsize business) owners and managers assume it’s large enterprises that are targeted in most cybersecurity attacks. However, new research suggests that smaller businesses are being targeted more often than ever — and at a frightening rate. A recent report by Verizon revealed that small businesses alone made up 58% of cyberattack victims.
The reason? There are many; however, according to a recent report from Alert Logic, the top two reasons are outdated systems and limited focus on security. Attackers are consistently seeing success in their attempts at cheating and flummoxing small and midsize businesses, and as a result, they’re increasing how often they target them over larger enterprises.
What can a cyberattack really do to your business?
The false narrative often entertained by small and midsize business owners is that a cyberattack is a minor inconvenience. Sure, they can happen — but how bad can it be?
Scott Weingust from Toronto’s Sysoft says, “Turns out … pretty bad.”
Ransomware alone can cripple any business. Ransomware is malware (malicious software) that corrupts, deletes, or locks your company’s systems and/or its data. As a result, you’re left helpless to continue on with daily operations. The real kicker is that the only way to get all your system and data access back is to pay a ransom to the hackers.
Moreover, remember that the hackers know how much you have (after all, they hacked your business files and financial information), and they’ll take you for all you’re worth and then some.
If ransomware isn’t what takes your business down, rest assured there are other tactics cyber attackers possess. They may simply screw up and corrupt all your systems and data just for the fun of it. The cost of the cleanup? It can put you out of business in a matter of days.
How can SMBs bolster security to avoid cyberattacks?
Remedy encryption-related configuration issues.
Encryption is meant to protect your business from attacks; however, the truth is that almost everyone has encryption-related configuration issues that are exposing them to cyberattacks. You should not rely solely on low-level encryption solutions, and expert MSSPs should always be at the helm of your encryption management solutions.
Aaron Fox of Buffalo Computer Help offers simple advice for small businesses: “Don’t run old versions of software.”
Outdated versions of software are continually the cause of cyberattacks. Recent reports have found that many SMBs are actually running software that’s outdated or expired by more than 10 years. But even one-year-old software that hasn’t been patched can cause problems. While automated updates can help, it’s absolutely crucial to stay on top of patches and updates to avoid a security breach.
Never run unsupported software to operate your email servers.
Your company inevitably uses email on a regular basis, possibly more than any other program. Unsupported software should not be running your email servers, as it leaves this platform especially vulnerable to attacks.
Work with expert MSSPs who will improve your security and monitoring.
The monitoring of your internal systems must be continuous and done by experts. As a CEO, manager, or company owner, you don’t have time to stay abreast of possible security compromises. Your in-house IT may not even be able to handle this.
On the other hand, cybersecurity is the full-time occupation of professional MSSPs (managed security services providers). Hire one so that they can conduct a thorough risk assessment, figure out your biggest weaknesses, and implement a corrective plan and countermeasures to mitigate the possibility of an attack. Finally, keep them on board for continuous monitoring so that you can nip attacks in the bud as soon as possible.
Train your employees.
Unfortunately, your employees are often the innocent gatekeepers to the vulnerabilities of your business — and cyber criminals know it.
Dallas IT consultant Shane Kimbrel of Data Magic Computer Services sums it up this way: “When a cyber hacker wants to access your sensitive data and gain control of your systems, they’ll attempt to do so through your employees. This is generally accomplished through ‘phishing.’”
Phishing is when an employee opens a seemingly legitimate email and clicks an embedded link. The link is malicious and leads either to a drive-by download or to another form of covert malware installation. From there, your attacker will be able to gain easy access to your internal systems. Make sure your employees are aware of phishing and other cyber attacker efforts that may affect them.
Assume you’ll be targeted.
Finally, while it’s certainly not enjoyable to assume your company’s security will inevitably be compromised by a cyber attacker, it’s the smart thing to do. Naively doing nothing will only lead to trouble down the line.