Cybersecurity is not a new topic for businesses, and its importance has only increased with the increasing popularity of using cloud-based technologies.
What seems like a recent shift is a growing focus on cybersecurity for small and medium-sized businesses. It’s true that news about hacks and ransomware attacks tends to focus on larger companies and corporations—organizations with vast pools of data at risk.
But the risk to smaller businesses is just as significant, perhaps not in magnitude but in importance — not just for business owners but for the US economy as a whole. Above 90% of data breaches in the first quarter of 2022 resulted from cyber attacks, so no matter the size or scope of your operation, the issue deserves attention.
Cybersecurity threats keep coming
Ever since companies started storing and hosting information online, cybercriminals have been working to steal this data. Phishing, ransomware attacks, internal hacks and more are common buzzwords in every industry worldwide. And criminals are constantly developing new and improved ways to access and steal information that they can use for nefarious purposes.
This has spawned an entire industry of cybersecurity firms and insurance policies. Notable is the rise and success of such companies, as well as skyrocketing insurance premiums for companies looking to purchase cyber insurance. Such bonuses are steadily increasing at a rate of between 30-50% year after year and are expected to increase by more than 150% overall.
Why the sudden rush to capitalize on cybersecurity products? Industry experts believe this could be directly related to increased cyber attacks on smaller businesses.
There are around 32 million small businesses in the US, which collectively contribute nearly 50% to GDP. This is a significant untapped data source for cyber criminals.
The problem for industry analysts is that private companies and smaller businesses are much less likely to report cyberattacks. This makes it difficult, if not impossible, to estimate the actual number of companies affected.
It’s happening in your neighborhood
SolarWinds, a small software company, was invaded by Russian hackers after a routine update in 2020. The attackers were able to infect the provider’s software with malware, which in turn put 18,000 private companies and government agencies at risk.
In 2021, on-premises Microsoft Exchange servers were hacked by a Chinese government-backed group called Hafnium. The group is believed to have mined data to gain insights into American consumers.
It is estimated that 350,000 servers were hacked and the attackers automatically created undetected “backdoors” after discovering they had been caught. As a result, around 200 additional ransomware attacks occurred in July 2021.
Attacks like these, hitting companies with smaller data caches, are becoming more common. And criminals are adopting new attack methods, e.g. B. Attacks on an organization’s software supply chain.
Companies in the healthcare sector are most at risk, but small mom-and-pop businesses are also vulnerable. The number of companies experiencing similar attacks is expected to triple between 2021 and 2025.
Small business – a growing goal
As security measures are developed to improve these types of attacks, cybercriminals could start targeting smaller businesses that are likely to have shallower pockets. These criminals may be betting on the likelihood that smaller businesses will slack off in building a well-rounded security protocol.
Because of this, small businesses need to take extra care to protect their information from cyber attacks. That means larger dollar amounts may be spent on insurance premiums.
Additionally, with the increase in cybersecurity incidents, many insurance companies have added minimum security standards that must be met in order to qualify for coverage. The fact that up to a third of companies are denied insurance coverage could indicate a lack of current safety standards.
How to increase cyber security for your company
Aside from adding the services of a cybersecurity firm to your operating expenses and investing in the right kind of insurance, there are sensible steps companies can take to significantly reduce their chances of becoming a victim of a cyberattack.
And while nothing on this list guarantees complete protection, combining a few standard practices will create a security culture that will become second nature.
- Educate employees on security procedures and potential cyber threats.
- Install firewalls for Internet connections.
- Set security standards for mobile device users.
- Back up data multiple times.
- Secure Wi-Fi networks from unauthorized use.
- Reassess financial systems and establish transaction best practices.
- Limit access to computers, data and networks.
- Use encrypted passwords and multi-factor authentication.
- Conduct frequent security audits and assessments.
In addition to these standard safeguards, the Federal Communications Commission (FCC) provides resources for organizations wishing to address cybersecurity concerns, including: a Cyber Security Tip Sheet and the Small Biz Cyber Planner 2.0 to help organizations create their own bespoke cybersecurity plans.
Additional resources are available on the FCC website.
As technology evolves and more and more businesses seek digital resources for their needs, cyberattacks will continue to be a problem. And cybercriminals are likely to be working as quickly as possible to find new and innovative ways to threaten businesses with cybercrime.
Check the security of your security concept, identify where there are security gaps and implement changes as quickly as possible. This protects your business results, your employees and your customers – as well as the solvency of your company.
The Atlanta Small Business Network, from inception to success, we’re your one-stop shop for small business news, expert advice, information and event coverage.
While you’re here, don’t forget to subscribe to our email newsletter for the latest in business news know-how from the Atlanta Small Business Network.