
Why Cybercriminals Are Targeting SMBs & What You Can Do About It [UPDATED 2020]

Written by Curtis Buhrkuhl | July 16, 2018

You scan the business pages and notice that another large company has made the news for being hacked and having sensitive customer information stolen. You may have read about Microsoft’s security hack back in January 2020, when 250 million customer service and support records were breached. Or maybe you saw that in December 2019, a cyberattack on Facebook exposed the personal information of more than 267 million users, including names and phone numbers.

But these stories haven’t been enough to alarm you. “Whew,” you think to yourself, “Glad I’m not that big of a fish and don’t have to worry about that.”


Well, not quite.

While it's the big companies that make the news, smaller businesses are also under cyberattack. Especially now that the COVID-19 pandemic has forced an almost universal shift toward alternative workplaces with the majority of offices being closed down, every company and employee is more vulnerable than ever to cybercriminals. 

It may be hard to believe, but SMBs are very much at risk. To protect your company, it’s vital to understand why.

 

Hackers Are Targeting SMBs

Cyberattacks are incredibly damaging, and grow more costly every year. The global average cost of a data breach in the Ponemon Institute’s 2019 study was $3.92 million, a 1.5% increase from their 2018 study. 

Unfortunately, the statistics confirm that the cyber-risks for small businesses continue to escalate. One study found that 40% of cyberattacks are against organizations with fewer than 500 employees, according to The Capacity Group. 

Matters are made worse by the ongoing global pandemic. As larger businesses have devoted resources to shoring up their cybersecurity defenses, hackers and cybercriminals have shifted their focus to businesses that are less secure. After all, why try to rob Fort Knox when most of the neighbors on your street are leaving their doors and windows unlocked – if not wide open! 

This is one of a few reasons that SMBs are especially vulnerable to cyberattacks.

 

Why SMBs Are Particularly Vulnerable

The National Institute of Standards and Technology wrote a publication on SMBs and cybersecurity. It describes how cybercriminals consider SMBs “soft targets,” because they usually lack the resources to invest in information security as larger businesses do. This makes them less protected, so hackers often pick them as “low-hanging fruit.”

In The National Cyber Security Alliance’s 2019 survey, only 58% of small businesses surveyed reported having a response plan that can be immediately put into action in the case of a cyberattack. In comparison, 73% of the large businesses surveyed reported having a readily available response plan.

Not only are SMBs usually less prepared to deal with cyber threats, but there is also typically less employee awareness and knowledge regarding online risks. Employees who have not undergone cybersecurity awareness training will find it difficult to identify red flags on the internet and avoid phishing, identity theft, malware, and more.

Another reason is that hacking a smaller business is less likely to draw major attention from the government and the media. As we established, when large, global companies are hacked, the incident usually makes the news. However, hacking an SMB, like a local grocery store chain or a real estate agent, isn’t going to draw national attention, and is less likely to be reported to the police by the business.

SMBs are also sometimes used to get to more high-profile targets. Cybercriminals can use a chain of trust in order to reach larger companies. However, often the intended target is the SMB itself. Small companies can possess valuable data worth a lot of money, or information that can be used to launch further attacks.

The shift to remote work means that SMBs are even more susceptible to cyberattacks because the points of entry into your corporate network have greatly increased. Employees are now working from personal devices such as laptops, phones and tablets, all of which function as entry points to your company’s network. In fact, anything that is IP addressable can be a source of entry, including printers and copiers when they are connected to the network. Anywhere your internal IT connects to the wider world is a potential point of penetration.

Moreover, these devices are often not sufficiently protected. In many companies, anti-virus and anti-malware software is only installed on hardware within the office, and not on employees’ personal devices. Even if security measures are in place, they are almost always weaker and easier to penetrate in SMBs compared to larger businesses. Once you factor in potential gaps in virus protection and improperly set up security controls for VPNs and wireless networks, the risk is much higher than it was before the outbreak of the Coronavirus.

While there's no guarantee that your particular business will be hacked, it is definitely a possibility. Is that a chance you're willing to take?

 

Act Now and Protect Your SMB

With the outbreak of the Coronavirus came a surge in cyber threats and online attacks. All businesses are more vulnerable than ever, but SMBs in particular are now being targeted by cybercriminals. Acknowledging this increased risk is the first step towards protecting your company from being the next victim. 

Keep in mind that SMBs are 1) highly likely to be targeted by hackers, 2) typically less aware of cyber risks, and 3) usually less prepared to defend themselves. Now is the time to pay special attention to your cybersecurity systems and policies. Remember that cybercrime is real and dangerous, and the stakes are high. Don't bury your head in the sand on this issue, thinking that the size of your company is a defense. As we’ve demonstrated, it most assuredly is not.