Did you know that small businesses are more likely to be targeted by cybercriminals than any other business or organization? It’s true! While we hear about major breaches on the news, we don’t get to hear the stories of the businesses that struggle with hacking attempts and cyber-attacks.
Hackers love to go after small businesses for one very big reason: small businesses are less likely to invest in top-notch (or even worthwhile) cyber security. Hackers love this vulnerability.
According to the Verizon 2019 Data Breach Investigations Report, 43% of cyber-attacks hit small businesses. The reason comes down to many factors, but there are two in particular that hackers really dig into when going after targets: lack of resources and lack of knowledge. Of course, there’s more to this story, as hackers also look at a business’s customer base and the type of data the business shares online.
A lot of small businesses are also relying more on the cloud (and this is the trend moving forward), but then they do little to keep their line of communication with the cloud storage, or just the cloud storage itself, secure. According to Symantec, a lot of businesses that rely on the cloud also fail to rely on strong encryption software. They just share their data to the cloud and let that be that.
Hackers attack small businesses because they want money. Hackers go after targets they can profit from, whether they hold a business’s data hostage and demand a ransom (and get that ransom – hackers got $460,000 from Lake City, Florida, officials after a ransomware attack on government computers, and that wasn’t the only Florida city to pay!), or by stealing customer data and either selling it on the dark web or black market, or using it for themselves.
The Verizon report also looked at the types of businesses that are targeting. The top three are:
- Public administration (23,399 reported incidents and 330 confirmed data disclosure)
- Information services (1,094 reported incidents and 155 confirmed data disclosure)
- Financial and insurance (927 reported incidents and 207 confirmed data disclosure)
They go after these types of businesses because this is where they can make their money – and it’s where they’ve discovered the most vulnerability. However, while these types of businesses represent the top three, there are many more. Every type of business is targeted. Some businesses make it past the attack unscathed, but many don’t. Their data is compromised in one way or another.
Why are small businesses are targeted so much? It’s a numbers game. Hackers know most small businesses lack good cyber security. This makes these businesses easier targets. Target enough of them, and you’re going to make some serious money (from selling stolen data or paid ransoms).
So, what can you do about this? How can you protect your network? First and foremost, you have to realize YOU are a target. It doesn’t matter if you’ve never been hacked before. It just means the hackers haven’t gotten to you yet. Once you realize this, you can go to work and get your business ready for the eventual attack.
This is where a risk assessment can do a lot of good. You may already have some security measures in place, but do you know how effective those measures are? You need to know where your holes are so you can plug them and then reinforce them. You don’t want just a wall around your business, you want an entire ocean.
But it doesn’t end there. One of the most powerful tools against hackers and cybercriminals is knowledge. Next to securing your business, the best thing you can do is train your employees on understanding cyber security and the threats that exist to harm the business they work for. Your team MUST know how to identify phishing schemes, fraudulent websites and virus scams, then stay regularly updated on the threats out there. (And don’t forget using complex passwords that are locked away in a password vault or manager to add another layer of security).
On top of this, work with an IT team who knows what they’re doing. It’s one thing to tackle this all by yourself, as many businesses do, but it’s another to work with an experienced IT security firm. If you go it alone, you might miss something or you might not fully understand the security you have in place. Having an outsourced team of pros means you’re one step ahead of the hackers.