Don’t make the mistake of thinking SMBs are not a target for security breaches. SMBs are the most vulnerable to attacks due to limited resources, weaker security measures and the misperception that hackers will not go after small businesses. In fact, hackers know that most small businesses are easy targets because they do not prioritize cybersecurity or have a strategy in place for protection.
A March 2022 study found that 51% of small businesses don’t have any cybersecurity measures in place; 87% of small businesses have customer data that can be compromised; and 27% of small businesses with no cybersecurity protection at all collect customer credit card info.
The most common threats to SMBs include phishing, spam and email malware. Breaches can easily spread from within, beginning with a staff member simply not recognizing the signs of a phishing scheme. Even SMBs that do not store data are at risk of a cyber attack that can spread damage to their customers, partners and employees. Cyber attacks can happen in any situation. Breaches can occur through servers that host small businesses, through an unsecured connection, or wherever data is stored in unencrypted format.
Here are some sobering facts about SMBs and cybersecurity:
- 82% of ransomware attacks in 2021 were against companies with fewer than 1,000 employees
- 75% of SMBs could not continue operating if hit by ransomware
- 61% of SMBs were the target of a Cyberattack in 2021
- 37% of companies hit by ransomware had fewer than 100 employees
Sadly, a significant percentage of SMBs still believe that basic protection is all they need and face dire consequences when they are proven to be ineffective against the latest cyber attacks.
My Security Console recommends 3 technologies that should be considered standard safety equipment for all IT environments:
Secured Back Ups
Failure rates for backups are alarmingly high. Regular maintenance and proper backups of important data are crucial to a recovery the event of an attack.
With almost every service supporting multi-factor authentication today, there is no reason to leave user accounts open to phishing scams or breaches due to weak or stolen passwords.
Managed Detection and Response
MDR can be especially helpful to smaller organizations or businesses that don’t have in-house cybersecurity experts. MDR is able to prevent sophisticated modern day cyber-attacks, and just as importantly, helps organizations identify and respond to incidents quickly and effectively, reducing the time to resolution and minimizing the impact of a security breach.
More on these three technologies are detailed in our previous blog post, From Oldsmobile Cutlass to Cybersecurity, Time to Buckle Up!
SMBs more than any business need a cyber security strategy and dedicated IT professionals who can provide basic security preparation, monitoring and data protection. Work with your IT Provider to develop a plan that delivers optimal security and protection. Have a certified cybersecurity expert conduct an audit and vulnerability assessment. Create a plan detailing the steps your business should take to prevent an attack and a process to respond when an attack occurs. Finally, prevention is key: providing your staff with Cyber Security Awareness education and training is a simple but invaluable measure businesses can take to stay safe.