Be aware of the malicious work e-mail. The new message in your inbox, seemingly from your boss or human resources, is actually the most common way hackers gain access to small business networks and potentially sensitive client data. Ensuring that your business is protected against ransomware attacks has rapidly grown from being an amenity to a necessity.
In 2019, 43% of cyberattacks were aimed at small businesses. And in an equally unsettling statistic, a research survey conducted by insurance company Hiscox found that digital attacks cost businesses of all sizes an average of $200,000 last year, a 488% increase over the 2018 average.
Avoid The Worst-Case
When it comes to ransomware attacks, the worst-case scenario for any business is to lose customers, lose revenue and potentially lose the business itself. Small and medium businesses like Colorado Timberline in Denver and Brookside ENT and Hearing Services in Battle Creek, Michigan, which The New York Times recently profiled, were both forced to close shop after being targeted by cybercriminals.
And these aren’t unique cases. According to the National Cyber Security Alliance, 60% of SMBs go out of business within six months of being targeted.
Small businesses are particularly attractive to digital threats because they have the information attackers want, yet generally lack the infrastructure to defend against them. In fact, according to the AppRiver Cyberthreat Index for Business Survey, 66% of SMBs fear a data breach would be more detrimental to their business than real-world disruptions.
The fact that most small businesses view a cyber attack as an existential threat stands to reason. According to an article from small business lender Credibly, some of the most appealing targets for cybercriminals are banking credentials, sensitive data from customers, vendors and staff, and trade secrets. For small business owners, losing control of this data represents a loss of reputation among the businesses and people that constitute the lifeblood of the business.
Cybercriminals understand the value of this information to business owners, and they also understand that SMBs don’t often have the same security protocols in place to protect themselves as large businesses do. All of this places them at an especially high risk of being infiltrated.
For instance, in August of last year, a medical practice in Simi Valley, California, was targeted by ransomware. The owners were told by their insurer that, even if they paid the hackers, there was only a 15% chance they would recover all of their data. The company closed in December.
In an interview with The New York Times, F.B.I. Cyber Division Section Chief Herbert Stapleton outlined just how devastating a cyberattack can be for businesses that are unprepared. “What we find most concerning is that it causes not just direct costs, but also indirect costs of lost operations. We certainly view it as one of the most serious cybercriminal problems we face right now.”
Paying the direct costs of a cyberattack, such as the cost of ransom or hiring a ransom negotiator, only scratches the surface of the cost of a data breach.
As Stapleton explains, the indirect costs are what cause the most turmoil for targeted SMBs. These costs can range from civil lawsuits from customers and business partners to regulatory fines for compliance violations. Indirect costs could also be higher cyber insurance premiums, customer refunds/incentives, and of course, lost sales and business opportunities.
One Step At A Time
One mistake that small businesses make is not being properly prepared to handle a cyberattack. According to a report from Ponemon Institute, only 14% of SMB owners are prepared to defend themselves against a cyberattack.
While commissioning a security audit or purchasing a firewall from a cybersecurity firm like Palo Alto Networks Inc. (NYSE: PANW) or Check Point Software Technologies Ltd. (NASDAQ: CHKP) will generally offer the most robust protection, business owners can take small steps to drastically reduce the chances of a devastating cyberattack.
The U.S. Small Business Administration offers tips to help protect against this growing concern. Among its suggestions, the first is to have an IT support system: a dedicated team or individual to help with installing antivirus, anti-malware, and anti-spyware software. It’s also recommended that businesses have an IT professional or security consultant encrypt the office Wi-Fi, making it harder for hackers to gain access to sensitive data.
If hiring a dedicated IT professional is out of the question, the FTC offers a cybersecurity planning tool that can help you build a protection strategy best suited for your small business. The FTC also provides a list of cybersecurity resources for small businesses that includes educational resources and cybersecurity tools.
As a further security measure, make sure to back up and, when possible, make hard copies of sensitive data. This covers all crucial data, including Word documents, spreadsheets, financial files, HR files, and accounts receivable/payable files. Try to back up data weekly or even automatically so that you never run the risk of losing everything.
Finally, the FTC also suggests keeping “good cyber hygiene” by using antivirus software and keeping it updated, as well as having multifactor authentication for log-ins and requiring employees to set up strong passwords. Credential management tools like 1Password can help to generate strong passwords and reduce the chance of a potential leak.
Preventing a leak or breach is perhaps the most critical step a small business can take in protecting itself from attacks. In its 2019 Data Breach Investigations Report, Verizon Communications Inc. (NYSE: VZ) noted that 32% of breaches were the result of employees clicking on malicious links in phishing e-mails. That one click allows hackers to gain access to your business’s private network, exposing both your company and its clients to the whims of these bad actors.
That’s why the best investment you can make toward improving your business’s cybersecurity is proper employee training. The Small Business Administration offers cybersecurity classes (some free) for companies that want more training on this growing issue. Implementing basic safeguards like this and auditing your company’s cybersecurity framework is an upfront cost, but one that could save your company thousands of dollars (or more) down the line.