If you have a small business and haven't yet been the victim of a cybercrime, that doesn't necessarily mean you're safe. It probably just means you've been lucky. In the last few years, cyber attacks on small businesses have been increasing in frequency and also severity. In fact, in 2020 alone, attacks on small businesses increased by 424%.
Why would hackers specifically target small businesses? Because they typically don't have basic cybersecurity measures in place, and they're incredibly easy to hack. Just like with home security, criminals are typically not looking for a challenge. They find an easy opportunity, and they take it…an unlocked door, a lower level window left open, et cetera. Of course, no house is impossible to rob, and no business is impossible to hack. However, once you make it fairly difficult to break in, hackers tend to pass you by.
7 Cybersecurity Trends That Small Businesses Should Know
Many businesses that were in a position to move some or part of their operations online and accommodate remote work during the pandemic are still operating that way over two years later. Home offices and employees' personal smart devices tend to be less secure.
It's very possible for remote, hybrid and in-person workplaces to be highly secure, but only if your business is actively tracking the following topics:
1. Ransomware
Ransomware is a type of attack where a hacker will encrypt a business's data, and demand a ransom for decrypting it. Small businesses are the target of 75% of ransomware attacks, and the average ransom has increased from $5,000 to $200,000. Ransomware attacks are not new, but hackers are growing bolder and more sophisticated in their attacks. It seems ironic, but hackers are also taking their cues from standard business practices, and have begun to invest their ill-gotten gains back into their operations to make future attacks even more vicious.
It's not fair that small businesses should have to defend themselves against these increasingly sophisticated tasks. But if you're feeling discouraged reading this, take heart. A little awareness and some basic prevention go a long way. To avoid becoming the victim of a ransomware attack, it's important to keep up with upgrades and patches. Make sure everyone who has access to your data uses a strong password, and opt for multi-factor authentication. Regularly backup your important data so that even if the worst happens, you won't need to pay a ransom just to keep operating.
Of course, these are just a few of the measures cybersecurity professionals typically recommend. Marco also provides a comprehensive checklist for small and medium-size businesses.
2. Cloud Security
Many small businesses migrated to the Cloud in the past few years, as more workers were off-site. And to be fair, many Cloud service providers include decent cybersecurity measures. Some, however, do not. Check with your provider to make sure they include secure encryption, authentication, audit logging, and can keep your data separate from their other clients.
3. Multi-factor Authentication
Multi-factor authentication is an essential tool to prevent hackers from accessing data as workers move off-site, and using any form of multi-factor authentication is an important step. However, hackers have come up with a way to thwart text message and phone authentication. App-based authentication can keep your business far more secure.
4. Mobile Device Vulnerabilities
Where would we be without smart devices? Most of us conduct a significant portion of our day-to-day communication, shopping, banking and other business through them. While smart devices typically offer more security than most computers, they're not invulnerable. Users should be suspicious of third-party apps, apply updates to their operating system as soon as they're available, use public wi-fi carefully, and consider installing anti-malware. Finally, it’s best to treat mobile devices like a wallet or passport. Don't leave them lying around in a public place where it can easily be stolen.
5. Artificial Intelligence
As cybersecurity threats evolve, so do defenses. Artificial Intelligence is already starting to make cybersecurity more efficient in recognizing attacks, improving authentication and reducing vulnerabilities. Today, AI and machine learning can boost the efforts of smaller cybersecurity teams; in the future, it will be a much stronger cybersecurity tool.
6. Phishing
Phishing is an email designed to trick you into revealing sensitive information. Phishing scams are on the rise, and hackers are using more sophisticated tactics to try to lure their victims. In fact, many internal IT departments have begun deploying fake phishing attacks as part of their ongoing training program, so they can see if other staff members will still take the bait.
If your IT department is not capable of providing security awareness training, a Managed Services Provider like Marco can always step in. In any case, staff should regularly receive reminders not to click on emailed links or download files without giving them a second thought, to hover over links before clicking them, or better yet, to navigate directly to websites through their browser instead. Phishing emails can look like they're coming from businesses people recognize and trust, including the one they work for. But common red flags include spelling and grammatical errors, links that don't match the content, and content that tries to arouse fear or curiosity.
Phishing is also carried out on social media, and can be disguised as a harmless bit of fun. Resist the urge to respond to posts that ask for specific information, and encourage employees to regard such posts with suspicion. Chances are you'd never enter your social security number into a social media post, but other no-no’s include common password recovery clues, like the name of your first car, or the street you grew up on.
7. Data Privacy
Recently, hackers made off with an astonishing amount of sensitive data from both Samsung and Nvidia. In Nvidia's case, 71,000 employee credentials were compromised, and the hackers threatened to release valuable trade secrets unless the company meets their demands. That's bad enough, but depending on the business and state laws, if an organization fails to protect sensitive client or employee data, it could be sued.
If you don't have the infrastructure to keep up with basic cybersecurity measures and your business handles sensitive data, it's time to seek help from a Managed IT Services provider.
Help Is Always Available
After reading this blog, it might be tempting to throw up your hands, and not think about cybersecurity again. That's definitely an option, as long as someone else does it for you. Marco is able to take on all or part of your business's IT needs, and our staff constantly monitors cyber threats and fine-tunes defenses.
Bottom line--if your IT department is too busy handling day-to-day tasks to focus on cybersecurity, the time to ask for help is now, before something happens.