In 2001, cybercrime accounted for $17.8 million in monetary damage. In 2018, that figure seems like chump change. According to Statista, the United States saw $1.4 billion in financial losses as a result of cybercrime last year alone. And while it’s the big fish that we read about in the news, hackers often focus on the small fry: over 43% of attacks are on SMBs.
The worrying thing is that SMBs don’t seem to be taking the necessary precautions. The stats aren’t encouraging:
- 71% of US businesses have suffered a breach (source: 2018 Global Threat Report).
- It takes businesses 191 days to identify a data breach (source: 2017 Cost of Data Breach Study).
- On average, businesses need up to 66 days to contain it (source: 2017 Cost of Data Breach Study).
- 77% of businesses do not have a proper response plan in case of a data breach (source: The Third Annual Study on the Cyber Resilient Organization, March 2018).
For business leaders sticking their heads in the sand, be aware that threats are only going to increase. Hackers are becoming more sophisticated and tools more widespread. The following are the SMB cybersecurity challenges for the future. You’ll be surprised just how many of these are simple and rely on user error.
The most significant threat to your average SMB is the dreaded phishing attack. Technically straightforward, this elaborate ruse is constantly evolving. The problem with phishing attacks is that they target the weakest point of your system: people.
The goal of any phishing attack is to trick the user into voluntarily giving away login credentials. These are then used for a wide variety of nefarious acts, such as inserting malware or stealing credit card details. While you can never legislate for all cases, it’s possible to minimize the risk:
- Teach users how to identify suspicious emails. Send over the latest ways hackers attempt to get user details. Employees should be given training on a regular basis, with constant reminders to be vigilant.
- Do not click a link. If your bank sends you a link to update your password, ignore it. Instead, type in the URL manually in your browser. Be extra vigilant if it’s an email you’re not expecting or it’s from someone you don’t recognize.
- Digital certificates are mandatory. Even the cheapest hosting companies offer free SSL certificates. Users should always ensure that websites have that healthy green lock sign on the address bar. Be aware that this is not a guarantee, but rather a minimum requirement.
Use Secure Passwords
Yes, this may be a no-brainer but it’s worth repeating considering 63% of data breaches are due to weak or default passwords. The first step you should take is to make passwords less relevant. We’re talking two-factor authentication. If you can’t do this for whatever reason, ensure passwords are longer, are not reused or shared, and that passwords are changed on a regular basis (particularly if they’re used by contractors, for example).
Prepare Against Mobile Malware
Perhaps the fastest-growing threat to your business is mobile malware. According to Symantec, variants were up 57% between 2016 and 2017, with over 27 thousand known malicious mobile applications out there. Combat mobile malware by doing the following:
- Update devices. It’s critical that all employees update their phones on a regular basis. The continued use of antiquated operating systems poses a significant threat, as it means patches that combat malware are not present. It is thought that only 2.3% of Android users are on the latest minor release of the OS; clearly not a good sign.
- Install security applications. There are several paid options available that ensure mobile devices can be used safely when dealing with sensitive data. Users should still be aware of the risks, but this will go a long way in helping keep hackers at bay.
What is Your Cybersecurity Plan?
As we discussed earlier in this article, most businesses don’t have a plan of action. Don’t be like most businesses:
- Document your policies. Your plan should be detailed, organized, and documented. This should be a work in progress at all times, changing based on experience and new information.
- Use ethical hacking. Yes, there’s such a thing as ethical hacking. Also known as penetration testing, this method, conducted by IT security specialists, exploits weaknesses in your system so that you can patch them up before someone else uses them against you.
- Have backup options. Even the most ‘secure’ SMB is at risk of a breach. If your data has been compromised, you must have backup versions available in case the worst happens. Your backup files should not be stored in the same location as the originals; invest in cloud options, for example.