Small Business Cybersecurity: What's the Real Risk?
While the logic sounds good, it doesn't hold up. According to Stay Safe Online, part of the National Cyber Security Alliance, 50 percent of SMBs have been breached in the past 12 months and 60 percent of hacked businesses fold within six months of the attack.
Bottom line: There's big risk in small business cybersecurity. Here's how your company can improve the odds of staying safe.
Face Hard Truths
As noted by Inc., more than 70 percent of cyberattacks target small businesses. Let that sink in: The majority of these attacks aren't carried out against multinational corporations or industry leaders. SMBs are the primary target. Why?
A recent Forbes article sheds some light on the problem — small businesses simply aren't prepared. Security experts note that many SMBs lack information security expertise, have fewer security controls in place, allow employees to work over insecure Wi-Fi and leverage payment processing or collaboration tools that aren't inherently secure. As noted by Stay Safe Online, in-place security protocols are often lacking. Around 59 percent of businesses say they have "no visibility" into employee password practices; even when SMBs have specific password policies in place, 65 percent don't enforce the rules.
Outsourcing is also a potential problem. Since SMBs typically can't afford full-time security staff, tapping third-party expertise makes sense. But if providers' security practices are also lacking, SMBs may not realize they're at risk until it's too late — and if customer data is compromised, the buck stops with SMBs.
The result? Smaller organizations make easier targets for hackers than large enterprises, largely because small business cybersecurity practices are often lacking (or nonexistent). This lets attackers try out specific threat vectors with limited fear of reprisal. It also allows them access to sensitive company data if they're successful.
Ramp Up Small Business Cybersecurity
While it's impossible to completely eliminate cybersecurity risk, SMBs can take steps to improve their security posture and deter malicious attacks.
- Push Better Passwords — This means drafting a clear policy about how passwords are created (for example, they must include at least one special character, one number and one capital letter) and then ensuring that passwords are changed every six months.
- Defend Devices — Hackers often exploit weak hardware defenses, such as stock passwords on wireless printers, network routers or POS terminals, to compromise SMB systems. Accordingly, it's important to regularly change login and password information on these devices and monitor them for suspicious behavior.
- Reduce Access — Employees typically don't need 24/7 access to the entire network. Despite good intentions, staff members remain a key concern for small business cybersecurity — they may download malicious apps, open unknown email attachments or click infected links. Consider a cloud-based security solution that lets administrators set access permissions per device (and per employee) to limit the chance of accidental compromise.
- Follow the Framework — The NIST security framework offers straightforward suggestions for improving cybersecurity at businesses of all sizes. It's a constantly evolving document that can help identify key tech issues for employee training as well as best practices for finding providers, encrypting data and securely updating key systems.
Companies may also benefit from guidelines established in the new NIST Small Business Cybersecurity Act, which has already passed Congress and is under debate in the Senate. While these regulations won't be mandatory, they build on basic NIST frameworks to help SMBs identify key practices for improving cybersecurity.
The bottom line? Small size can actually mean bigger cybersecurity risks for SMBs. To enhance total security, opt for improved passwords, better device defense, limited access and standardized suggestions.