Sixty percent of small businesses close within six months after a cyber-attack. That statistic comes from Rep. Chris Collins (R-NY), chair of the House Small Business Subcommittee on Health and Technology. Collins also said in a news release that nearly 20 percent of all cyber attacks are against small companies with fewer than 250 employees. Other security companies don’t just agree with congressional data; they think that the statistics are worse.
Security Concerns For Small Businesses
Verizon, in its most recent Data Breach Investigations Report, said that a whopping 72 percent of breaches that Verizon’s forensic analysis unit investigated targeted companies with fewer than 100 employees. For small businesses to protect themselves from cyber threats, they need to invest in virus protection and small business security tools. They should also focus their attention on five top Security Concerns For Small Businesses.
1. Email Security
Most email attacks start with a phishing scheme, which sends emails to people who work for small businesses. Within those emails, attackers embed links that could unleash a number of dangerous exploits that can severely harm businesses without security:
- Ransomware. Small businesses victimized by ransomware find their computer files encrypted and locked. They’re asked to pay a ransom to an attacker, who promises to send an encryption key in exchange for the money, but the key never arrives. Businesses lose client information, financial records, and proprietary data forever.
- Identity theft and bank fraud. Attackers might send a phishing email that looks like an urgent message from the employee’s bank. When the employee clicks the link and enters his or her login credentials, the attacker can empty the employee’s bank account, make purchases using the employee’s credit card, and open additional accounts using the employee’s identifying information.
- Medical ID and insurance fraud. Cyber attackers use employee medical information both to obtain prescriptions and to bill insurance companies for medical services rendered. Victims receive either collection calls from doctor’s offices or notices saying that they’ve maxed out their health insurance benefits.
- Backdoors. Malware downloaded from emails and installed on small business computers provide attackers with remote access to the computer and all of its files. Attackers can raid the company for information or hijack the computer to use in a DDoS attack.
2. Document Sharing
Many small business employees share documents online whether through email or through applications like Dropbox. Some small companies use tools like Office 365 or Google Apps to collaborate on company documents. However, if a cyber attacker obtains an employee password, all shared documents become vulnerable. Password managers can help employees both to design and to store complex tough-to-crack passwords.
3. Web Browsing
Attackers sometimes insert malware into legitimate websites. These attacks, called drive-by downloads, infect employee devices before spreading to the company network. Many virus protection programs scan websites, warning employees when links are unsafe to click. They also prevent other threats, like Java and Flash exploits, which give attackers an inroad to any small business network.
4. Mobile Devices
Mobile devices allow businesses to collect remote payments, and they allow employees to work from any location. However, lost or stolen devices could leave a small business network vulnerable to a data breach. Small businesses should protect their networks with tools that allow remote wipe of lost devices. Businesses that handle highly sensitive data, like patient health information, should encrypt both laptops and mobile devices.
5. Desktop Computers
Even though employees should know better by now, many still practice poor password security. They write their passwords on sticky notes and then adhere the notes to the bottoms of their computer keyboards. They might stick the notes to a highly visible corkboard, or share their passwords with their co-workers. Every desktop computer in a business should have antivirus software installed. Businesses should also have administrative password controls that allow managers to change passwords, delete them, or alter user access privileges.
Keeping Small Business Safe
Most small companies have limited financial resources and few IT personnel. A data breach or ransomware attack costs small businesses an average of $9,000 per incident. Investing in virus protection and other security measures cost much less than recovering from an attack. Small businesses are vulnerable enough to everyday obstacles. They can’t afford to be vulnerable to cyber attack.