Shareholder
By Brad Atkin, CPA, CISA, CITP, SOC – Shareholder, IT Advisory and Security Group

If you’re a small to mid-sized business the big question is – is your business prepared for a cyberattack?

According to a study from Symantec, 83 percent of smaller businesses have no formal plan to put in action in the event of a cyber security threat.

This is likely because many small to mid-sized business owners do not view hackers as a threat – after all, they have less money, a smaller client base and a lesser-known brand than larger-scale organizations. Until recent years, this may have been enough to stave cyber criminals away; however, the reality is that cyber criminals are now targeting smaller businesses more frequently than large iconic ones.

An Easy Target

Businesses of all sizes store employee and consumer data, which may include personal, financial or health information, that may be lucrative on the black market. Still, there are a few key factors setting small to mid-sized businesses apart making them more desirable targets for cyber criminals, such as:

  • Lacking the resources for effective security. When cybersecurity threats became increasingly prevalent, large companies utilized their resources to enact robust security systems and regulations. As it becomes more difficult to breach these major companies, hackers turn to the small and mid-sized companies with fewer resources and weaker online security.
  • Having a “too small” mentality. Smaller businesses often believe they are too minor to be on the radar of hackers and are therefore complacent about security. Hackers take advantage of this mindset.
  • Storing information using unsecure cloud services. More and more business is being conducted online using cloud services. Unfortunately, not all these cloud service providers use solid encryption technology, leaving this data accessible to hackers.
  • Offering a gateway to larger companies. Big companies with strong security measures in place will be difficult for hackers to infiltrate, so they turn to those smaller companies who are electronically connected to larger ones as an entry point. Hence, Target’s HVAC data breach.
  • Presenting better odds for criminals. There are significantly more small to mid-sized businesses than there are large ones, so hackers have more opportunities to run a successful ruse by targeting them.

Threats to Be Aware Of

Cyber criminals are constantly coming up with new ways to breach security and steal information, but in most cases, they will target smaller businesses using one of these three methods:

  • Phishing emails: Hackers create a legitimate-seeming correspondence to trick victims into divulging personal and financial information, typically by providing a fake website link or file to download.
  • Malware/ransomware: Malware includes any malicious software, while ransomware describes a more specific scenario in which criminals take over data and demand money in exchange for getting it back.
  • Hacking: Hackers infiltrate networks by working around security measures, sometimes using complex tactics, but typically by logging in using existing usernames and passwords that were made too easy.

Protecting Your Business from a Breach

Though your company is not large, the potential cost of a data breach is still big. The Ponemon Institute estimates the average cost of a cyber breach to a small to mid-sized business is over $2.2 million. Further, over 60 percent of these businesses that experience a data breach go out of business within six months of the incident. So, how can you protect your company from such a dramatic loss?

  • Train your employees. Studies show that over half of incidents are caused by human error, making your personnel your greatest vulnerability. Provide ongoing training covering proper security practices.
  • Limit access to information. Only employees who need to work with the sensitive data should be able to access it.
  • Install strong security software. Do your research to find an effective solution for your company and be sure to update your software as soon as the option is available.
  • Use complex passwords and change them frequently. You should password-protect all your data, but avoid using simple, easy-to-guess passwords or using the same password for everything. It’s also recommended to have an additional form of multi-factor authentication to protect data, such as a PIN code.
  • Have a cybersecurity lead. Even if you don’t believe you need a full-time person dedicated to IT and cybersecurity, it’s important to have someone knowledgeable about cybersecurity to act as a point person. That may require you to seek support from an outside vendor.

For more information on preventing your small to mid-sized business from becoming a victim of cybercrime, contact Doeren Mayhew’s cybersecurity advisors today. We offer a suite of CYBERCLAW™ solutions geared at helping businesses like yours mitigate cybersecurity risks.