Cybersecurity: A Problem too Big for Small Businesses to Ignore

It seems like every day there is a new story of a data breach or cyber-attack reported in the news.. As more and more of our activities take place online the threat of cybersecurity increases.

Despite this, few small businesses take steps to protect their systems and information from cyber-attacks. In fact, studies show that 54% of small businesses believe hackers aren’t interested in their company because it’s “too small.  If you happen to fall into that category, consider these facts:

  • 43% of cyber-attacks target small businesses
  • 60% of those companies don’t recover and go out of business.

Yes, you read that correctly. More than half of small businesses that suffer from a cyber-attack will close.

If that’s not enough to spur you into action, chew on this: the risks of insecure information include:

  • Loss of revenue
  • Loss of customers
  • Loss of productivity
  • Loss of contracts
  • Financial penalties
  • Lawsuits

So what can you do?

The first step is gaining an awareness of the cyber-threats you face, in order to protect against them.

Top 3 Cyber Threats to Small Businesses

#1 Ransomware

I am sure by now everyone is familiar with Ransomware.  It is a specific type of malware that encrypts a victim’s files and makes the device where they are stored inoperable.  Once the malware is on your system, the attacker demands to be paid a ransom from the victim to restore access to the encrypted files.  The most recent and largest-known attack occurred just last week on U.S. energy infrastructure, Colonial Pipeline.

Anyone with a computer connected to the internet. As is anyone with important data stored on their computer or network. 

Ransomware can be disastrous for a small business. Without access to systems and data, business operations will be severely limited.  Paying the ransom does not always guarantee that the files will be restored.  Recovery can be both timely and costly

#2 Phishing attacks

The most common method of attack, phishing, is the fraudulent attempt to steal sensitive information, such as passwords, credit card numbers, or other personal details by pretending to be a trusted source. Since the onset of the pandemic, there has been a 600% increase in phishing. 

There are several types of phishing, but the most common is email phishing, which can be either random or targeted on certain people, or divisions within an organization. .    

An attacker will send a spoofed email, designed to be from a legitimate source, such as a supplier or someone from inside your organization.  The email will request that the intended target disclose sensitive information, such as credentials, bank account information, etc. 

#3 Remote Workers

The increase in remote workers has also increased the threat of cyber-attacks, as workers use home networks and personal devices that may be vulnerable.

This is a sneaky threat, because even if you have taken steps to secure your systems, if one of your employees uses an unsecured cell phone to access company information, it could compromise your company.

Why Small Businesses are Targeted

Cyber criminals have learned that small businesses are less likely to have strong security measures implemented.  Criminals go after weaker targets because it will yield results with minimal effort. 

Hackers may also use small businesses as an attack vector to target a much larger company.  While large companies have the resources to defend against a cyber-attack, they may inadvertently be compromised because of an attack on an insecure small business in its supply chain. This is just one of the reasons for the DoD’s new CMMC requirement for federal contractors. 

At Luminary ACE, we understand that cybersecurity is a challenge for small businesses. Beyond the expense of implementing security measures, it may feel onerous to go through the steps required to keep information secure. Yet, when done right, cybersecurity can increase productivity, enhance product integrity, and improve the customer’s experience. 

If you’d like to understand what a cybersecurity plan would look like for your business, contact us today for a free consultation.