You scan the business pages and notice that another large company has made the news for being hacked and having sensitive customer information stolen. “Whew,” you think to yourself, “Glad I’m not that big of a fish and don’t have to worry about that.”
Well, not quite.
While it's the big companies that make the news, smaller businesses are also under cyberattack.
I have one goal in this post – to convince you to take cybersecurity for your SMB seriously, and to do something about it!
A Tower Gate Insurance study revealed that 82% of SMB owners don't think they have anything worth stealing.
Meanwhile, cybercriminals are merrily exploiting this attitude by attacking SMBs and stealing their data or holding their information for ransom.
As larger businesses have devoted resources to shoring up their cybersecurity defenses, hackers and cybercriminals have shifted their focus to businesses that are less secure. After all, why try to rob Fort Knox when most of the neighbors on your street are leaving their doors and windows unlocked – if not wide open! Let me share a few statistics to illustrate how real this is:
- 60% of SMBs hit with a cyberattack were forced to close within 6 months after the attack, estimates the U.S. National Cyber Security Alliance.
- Ponemon Institute reports 52% of SMB companies experienced a ransomware attack, up from 2% in 2016.
- Cyberattacks are more costly. The average cost due to damage or theft of IT assets and infrastructure increased from $879,582 in 2016 to $1,027,053 in 2017. The average cost due to disruption to normal operations increased from $955,429 to $1,207,965 (Ponemon).
NIST (the National Institute of Standards and Technology) wrote a publication on SMBs and cybersecurity. I'd like to quote a passage in full here:
“Because small businesses typically don’t have the resources to invest in information security the way larger businesses can, many cyber criminals view them as soft targets. Your small business may have money or information that can be valuable to a criminal; your computer may be compromised and used to launch an attack on somebody else (i.e., a botnet), or your business may provide access to more high-profile targets through your products, services, or role in a supply chain.”
Anything that is IP addressable can be a source of entry: your smartphones and laptops, of course, but also your printers and copiers when they are connected to your network. So can gaps in virus protection and improperly set up security controls for VPNs and wireless networks. Wherever your internal IT connects to the wider world is a potential point of penetration.
Why are cyber criminals and hackers targeting smaller businesses with increasing frequency? There are four big reasons.
- Weak link. SMBs are often less protected and are “low-hanging fruit” for hackers.
- Chain of trust window to larger fish. Cybercriminals use SMBs to get to larger victims. The Target breach originated through an SMB partner.
- Less likely to draw major attention. Hacking Bank of America is going to draw the eyes of media and the government. Hacking a local grocery store chain or real estate agent is not going to draw national attention (and is less likely to be reported to police by the business).
- SMBs have valuable data too. Even small companies have data that could be worth big money.
While there's no guarantee that your particular business will be hacked, is that a chance you're willing to take?
Make sure you have antivirus and firewall software installed. Data backup is also a solid business practice.
Keeping your business secure isn't as difficult – or as expensive – as you probably think. Whether you partner with a managed IT provider (one that will work with you as a trusted advisor) or do it yourself, please take a few moments to:
- Understand that cybercrime is a threat to ALL businesses
- At least install antivirus and firewall software
- Contact an outside expert if you need help
The most important thing for you to remember is that cybercrime is real. I could create an entire blog post of statistics about the number and frequency of attacks, cost of those attacks, the changing nature of cyberattacks, and more.
Don't bury your head in the sand on this issue, thinking that the size of your company is a defense.
It is not.
Acknowledge this new business reality and then take steps to prevent your business from becoming a victim.
Ponemon Institute – State of Cybersecurity in Small and Medium-Sized Businesses.