As small businesses know, bigger doesn’t always mean better. Being small has lots of advantages — but cybersecurity is one area where small businesses often
lack the upper hand.
While large enterprises have the resources to protect their networks against the ever-evolving landscape of cybersecurity threats,
smaller businesses have tighter budgets and fewer resources — one of the main reasons hackers target small businesses.
In its 2019 report on the state of cybersecurity for SMBs, the Ponemon Institute reported that the number of small businesses that experienced breaches "involving sensitive information about customers, target customers or employees"
increased to 63% from 58% in one year.
What are the bad guys after?
- Data: Even small companies traffic in data that's easy to offload for a profit on the Dark Web, such as medical records,
credit card information, Social Security numbers, bank account credentials or proprietary business information.
Hackers can steal this and either use it themselves, or sell it to other criminals to use.
- Computing power: Hackers can commandeer a company's computers and conscript them into an army of bots to perpetrate massive
DDoS attacks. A DDoS attack artificially generates enormous amounts of web traffic to disrupt service to a company or group of companies,
and the hijacked bots help generate the disruptive traffic.
- Cash: While some attacks are about disruption (as is the case with DDoS), usually, the motive is to make a buck.
This explains why ransomware is such a popular method of attack: It often succeeds in generating revenue — and as long as an attack method proves lucrative,
hackers will keep using it.
So how can a small business protect itself? Warding off these costly attacks requires 360-degree cybersecurity measures that proactively protect
all devices connected to a network.
These 10 recommendations will help a small business create an effective cybersecurity strategy:
- Educate all employees. No clicking on unknown emails or links. Be aware of social engineering.
- Don’t use public Wi-Fi for sensitive work and ban the use of removable storage.
- Block macros in Excel and other Microsoft Office applications, unless they come from a trusted source.
- Install and maintain anti-virus software.
- Regularly back up all your data, to a remote site if possible. Test your backups, otherwise they are useless.
- Encrypt and thoroughly password protect all employee laptops.
- Consider cyber insurance to cover breach and recovery costs and any legal claims.
- Restrict user privileges. No one except a sysadmin should be an administrator.
- Patch, patch, patch – keep ALL your software up to date and do not run unsupported software.
- Use multi-factor authentication (MFA) for all remote access.
A cyberattack can have serious consequences, with many small businesses forced to shut down for good due to the fallout.
By understanding that small businesses are just as likely to be targeted as the big guys — if not more so — and preparing for the worst with a smart
cybersecurity strategy, you can keep your doors open and your customers happy for the long term.