We’ve all heard about big companies getting hit by data breaches — Yahoo, Facebook, Marriott International, and more have notoriously fallen victim to large-scale attacks that rocked news headlines. But what about small-to-medium-sized businesses (SMBs)? While many SMB owners and employees might assume their smaller size makes them less valuable targets, they couldn’t be more wrong.
In fact, 43 percent of the most common digital attacks target SMBs. So what exactly makes smaller businesses so vulnerable to these threats?
The shift to a more digital workflow as a result of the COVID-19 pandemic didn’t exactly help; unfortunately, 22 percent of SMBs transferred to remote work without any kind of threat prevention plan. Even prior to the pandemic, a 2019 survey revealed that only 14 percent of SMBs rated their ability to prevent and properly address cyber risks and vulnerabilities as useful.
There are a number of reasons that SMBs find themselves at risk for security breaches. According to Untangle, 32 percent of SMBs cited budget constraints as a barrier to better security, 24 percent blamed employees for not following guidelines, and 14 percent cited having limited time to research new threats.
Wondering why a threat actor would even go after an SMB? Smaller businesses do, in fact, present valuable assets that make them targets, such as:
Without proper IT security, the cost of suffering a cyber attack can be a devastating blow to SMBs. According to AppRiver Software, $149,000 was the average cost of a data breach for an SMB in 2019, and most SMB leaders estimate the cost of a data breach to be around $10,000.
There are four main attack vectors, or paths, that threat actors often use to infiltrate small businesses. Let’s break them down.
Email
Email is the #1 attack vector for SMBs, and serves as a primary starting point for malware, phishing, and other types of attacks.
Endpoints
An endpoint is anything that connects to a network, such as: laptops, desktop computers, smart phones, tablets, point-of-sale (POS) terminals, and other devices. Potential attackers can exploit endpoints using various forms of malware.
Network
Any network that connects to the internet and is used by your employees (e.g., your company’s network, the free WiFi at a coffee shop, customer networks) can be used by cybercriminals to attack your business.
Humans
Human error has proven to be one of the biggest vulnerabilities for SMBs. In fact, 85% of data breaches involve a human element, which can include anything from an employee using weak passwords, clicking on a phishing link, sharing private information with someone from outside the company, etc.
Despite the privacy and security obstacles that come with running an SMB, taking the right approach is possible with an informed understanding of what your business needs, and how it can fit into your work model. Start by breaking down your security plan into the following steps:
For our full step-by-step guide to improving your SMB’s security, download our free ebook here. We’ll guide you with detailed insight, tips, statistics and more to make your SMB more secure than ever.
The post Here’s Why SMBs Need Improved Cybersecurity Now More Than Ever appeared first on VIPRE.
In fact, 43 percent of the most common digital attacks target SMBs. So what exactly makes smaller businesses so vulnerable to these threats?
The shift to a more digital workflow as a result of the COVID-19 pandemic didn’t exactly help; unfortunately, 22 percent of SMBs transferred to remote work without any kind of threat prevention plan. Even prior to the pandemic, a 2019 survey revealed that only 14 percent of SMBs rated their ability to prevent and properly address cyber risks and vulnerabilities as useful.
There are a number of reasons that SMBs find themselves at risk for security breaches. According to Untangle, 32 percent of SMBs cited budget constraints as a barrier to better security, 24 percent blamed employees for not following guidelines, and 14 percent cited having limited time to research new threats.
Wondering why a threat actor would even go after an SMB? Smaller businesses do, in fact, present valuable assets that make them targets, such as:
- Employee and customer records
- Access to financial information including bank accounts
- Access to larger companies and their networks through the supply chain
Without proper IT security, the cost of suffering a cyber attack can be a devastating blow to SMBs. According to AppRiver Software, $149,000 was the average cost of a data breach for an SMB in 2019, and most SMB leaders estimate the cost of a data breach to be around $10,000.
What are the most common ways cybercriminals can attack your small business?
There are four main attack vectors, or paths, that threat actors often use to infiltrate small businesses. Let’s break them down.
Email is the #1 attack vector for SMBs, and serves as a primary starting point for malware, phishing, and other types of attacks.
Endpoints
An endpoint is anything that connects to a network, such as: laptops, desktop computers, smart phones, tablets, point-of-sale (POS) terminals, and other devices. Potential attackers can exploit endpoints using various forms of malware.
Network
Any network that connects to the internet and is used by your employees (e.g., your company’s network, the free WiFi at a coffee shop, customer networks) can be used by cybercriminals to attack your business.
Humans
Human error has proven to be one of the biggest vulnerabilities for SMBs. In fact, 85% of data breaches involve a human element, which can include anything from an employee using weak passwords, clicking on a phishing link, sharing private information with someone from outside the company, etc.
How SMBs can improve security
Despite the privacy and security obstacles that come with running an SMB, taking the right approach is possible with an informed understanding of what your business needs, and how it can fit into your work model. Start by breaking down your security plan into the following steps:
- Make a thorough assessment of your current cybersecurity defenses. What are the potential risks your company faces if there’s a breach? Where do your biggest vulnerabilities lie?
- Decide how you want to manage cybersecurity. Do you have the resources and time to take care of it in-house, or will outsourcing make it easier and safer for you?
- Implement layered security measures to detect and block attacks. Are you making sure to secure every layer of your business beyond just one or two security tools?
- Educate employees on cybersecurity threats and best practices. When was the last time your team gained the proper tools to defend your business? Do they know how to spot a phishing email or other types of hacking attempts?
For our full step-by-step guide to improving your SMB’s security, download our free ebook here. We’ll guide you with detailed insight, tips, statistics and more to make your SMB more secure than ever.
The post Here’s Why SMBs Need Improved Cybersecurity Now More Than Ever appeared first on VIPRE.