This weekend, CNBC reported the average cost a small business incurs as the result of a cyber-attack has risen to $200,000. As a result, insurance carrier Hiscox found 60 percent of affected organizations cease operations after suffering a data breach. Moreover, the firm noted the problem is escalating as more than half of America’s 30.2 million small businesses have sustained a data breach in the last year.
Why Hackers are Attacking Small Businesses
According to Verizon’s 2019 Data Breach Investigations Report, rogue operators now direct 43 percent of their assaults against small organizations. Hackers have taken to targeting burgeoning enterprises because the majority of them don’t invest in quality data security. Indeed, the Ponemon Institute found only 14 percent of small to medium-size businesses possess adequate cybersecurity resources.
Consequently, several cybercriminals have chosen the path of least resistance when searching for vulnerable databases. Nevertheless, Keeper Security found 66 percent of small business decision-makers believe hackers won’t target their organizations.
For instance, in September, DoorDash disclosed it suffered a data breach that affected 4.9 million people. However, because the firm encrypted its financial data, malicious operators could access it. Conversely, Volunteer Voyages did not employ the same level of security, and thieves racked up $14,000 in fraudulent charges using its payment information.
While large corporations can absorb the impact of a large-scale data breach, small businesses often cannot. Even thriving startups can struggle with operational disruption costs, mounting attorneys’ fees, regulatory compliance fines, and forensic investigations. Moreover, small enterprises can incur even higher expenses if hit with a ransomware attack.
As McAfee reports, 480 new cyber threats emerge every minute, so small businesses need to take greater steps to protect themselves.
Small Business Cyber Security Measures
As ransomware attacks have exploded in popularity this year, small firms should back up their data daily. By doing so, organizations can resist attackers’ demands for money in exchange for unencrypting their files. It’s worth remembering cybercriminals have no particular incentive to provide decryption keys after they receive payment.
Furthermore, burgeoning enterprises should invest in a quality cybersecurity solution. Ideally, firms should look for providers that offer antivirus protection, network monitoring, and denial-of-service attack prevention. As cyber-attacks have become an inevitability instead of a possibility, small businesses should be proactive in protecting their digital infrastructure.
Organizations also need to implement companywide cybersecurity policies. These should include making company data available to employees on a need to know basis only. Moreover, decision-makers should train their staff on how to identify and respond to phishing attempts. Even the most expensive cybersecurity solution can’t compensate for workers that don’t practice proper cyber hygiene.
Lastly, it’s crucial for small businesses to regularly scan their networks, computers, and connected devices for malware and vulnerabilities. CNBC notes most companies don’t discover their data has been compromised until 101 days after the initial breach. As a result, hackers often inflict critical damage to a firm’s systems without their knowledge.
Indeed, rogue operators infiltrated Equifax’s network and compromised the records of 147 million people over two months because the corporation left a critical exploit open.
While small businesses often find themselves with less than optimal capital, cybersecurity is not an area on which they can afford to skimp.