50 percent of Small- and Mid-Sized Businesses Hacked in the Last Year With Employees as Biggest Target
In today’s increasingly malicious computing environment, hackers don’t discriminate. They don’t limit their focus only to “big ticket” Fortune 500 companies. In fact, this misconception is among one of the biggest reasons many small- and mid-sized business are often targeted — and breached — by opportunistic cyberattacks. Today’s hackers view SMBs as low-hanging fruit, since smaller businesses often either don’t see cybersecurity as a real threat, or they don’t feel that their data is a worthy target for a hungry attacker — both of which are completely unfounded beliefs.
In a recent study by the Ponemon Institute, researchers found that more than 50 percent of SMBs have been breached within the past 12 months, and about 75 percent of those businesses reported that attackers had infiltrated the companies’ anti-virus and anti-malware protections. Only about 14 percent of the SMBs surveyed felt they had an effective approach and response to cybersecurity threats.
As hackers continue to evolve beyond our best defenses, businesses need to look at the potential vulnerabilities in elements that are often beyond their control. Employees can present a weak point in any company’s security framework, since they are susceptible to human error and an assortment of convincing phishing and social engineering attacks built to operate on human sensibility and familiarity. Throw in the now-mainstream practices of BYOD (Bring Your Own Device) and BYON (Bring Your Own Network), and any business with employees has a whole host of potential weak links in their business’s security architecture.
So what can a small- or mid-sized business do to defend against these rapidly advancing cyberattacks?
- Consider Outsourcing Your IT. Most companies find that a third-party security vendor has the expertise and dedication to keep pace with cyberthreats far beyond what the company can realistically handle internally. Small- and mid-sized businesses should aim for a “products and services” approach to cybersecurity, which integrates existing IT with a 24/7/365 security and compliance monitoring service.
- Refocus Your IT Priorities — and Make Security Priority #1. The importance of diligent, regular maintenance and upkeep of a company’s IT systems cannot be overstated. Regularly conducting software updates to remove and/or patch any vulnerabilities can stop or often decrease the chances that a hacker will access and exploit weaknesses to gain control of your network and your valuable business data.
- Continuously Monitor Network Traffic — and Preemptively Defend It. These days, a business must continuously take stock of its network traffic for oddities such as unauthorized file transfers and unsavory IP addresses. When an IT security expert identifies these potential threats, they can add them to a threat list and block them from accessing your network. Your IT professional can set up application firewalls that will easily identify and block common online threats that attack your web platforms via cross-site scripting and SQL injections. When these threats attempt to access your system, your IT admin is notified and can take further defensive action.
- Effective, Regular Backups Are a Necessity. Ransomware is perhaps one of the most successful malicious methods of attack in business cybersecurity today. This is because it easily gets past employees’ defenses in the form of phishing and social engineering, and once it’s in your system, it takes your business data hostage until you pay up.
If you have an effective, updated backup in place, you stand a much better chance of surviving a ransomware attack without going broke paying criminals for your data.
- Educate Employees to Prioritize Security. Employees are often the weakest point in a company’s IT security framework. You can lessen this vulnerability by regularly conducting security training and information sessions to keep employees in the loop and updated as to the latest company IT security policies, password protocols, and BYOD/BYON procedures.
403Tech Inc is your IT security expert specializing in protecting your business against ever-evolving threats such as ransomware, phishing attacks and other cybersecurity vulnerabilities. Contact us at (403) 215-7506 or send us an email at [email protected] for more information.