How safe is your small business from the cyber bad guys? Cyber criminals, scammers and ransomware groups can take aim at small businesses, costing companies in time and money.
The costs of doing nothing to protect your small business can be high. A successful cyberattack can include downtime for your business, which is much harder for a small business to recover from than a larger organization. It could even lead to a shutdown.
In 2021, the FBI received nearly 20,000 complaints about business email compromise scams and attacks with losses of about $2.4 billion, according to a recent report. Those scams involved hijacking existing email accounts and asking for money or critical information that is then used against the business.
According to an SBA survey earlier this year, 88% of small-business owners felt their business was vulnerable to a cyber attack, and the average cost of data breaches for small businesses is climbing, from $2.35 million in 2020 to $2.98 million in 2021, according to IBM’s 2021 Cost of a Data Breach Report.
Data from AdvisorSmith found 42% of small businesses experienced a cyberattack in the last year, while 69% are concerned about cyberattacks in the coming year. The most common form of cyberattack reported by small-business owners was phishing attempts, while the next most prominent was data breaches.
Tips to help you now
What’s a small business to do? Here are some recommendations to consider that Growbiz has gleaned from experts:
- Up your game. Go beyond passwords (and there are an alarmingly high number of companies that don’t even have a strong password policy). Require two-factor authentication for everything, including customer-facing applications, any remote access and cloud-based email.
- Think before you click on any link. Take a look at the sender’s email address to ensure that it is coming from the business or person they claim to be. Hover over any links to see where the destination is.
- Stay current with patches. Keep your operating system and antivirus software up to date, and apply patches as soon as they become available. This sounds super basic, but it’s often not done, especially among small businesses.
- Payment sites need extra consideration. Web application compromises now include code that can capture data entered into web forms. Consider adding file integrity monitoring on payment sites, in addition to patching operating systems and coding payment applications.
- Train your team. Your employees are your first line of defense against cyber amattempts and to report strange computer activity. Are company guidelines in place about the security of data on company laptops and on the use of unsecured Wi-Fi? Employees clicking on attachments is still one of the easiest ways for companies to get infected.
- Monitor access to sensitive data. About a third of cyber attacks on businesses last year were inside jobs. Monitor and log access to sensitive data, move quickly to shut off access when an employee leaves the company, and be vigilant.
- Are your suppliers secure? Try to find out how secure your critical suppliers are. While that information is not easily available, the last thing you want is a vulnerability that is passed along to you by a service provider.
- Have a response plan in place. Develop a plan for how you will respond if you are attacked, including alerting customers of the breach if that is required by law, and managing the PR risk.
A majority of small-business owners and business leaders believe a cyberattack on their own company is inevitable — but many haven’t taken steps to prevent an attack. Indeed, the Travelers Insurance 2022 Travelers Risk Index found that 59% of business leaders worry a great deal about cyber threats, even at a time of elevated inflation, recession fears and hiring challenges.
Where to find resources
Small Business Administrator Isabel Guzman said earlier this year that about 25% of small-business owners are impacted by the issue and the average cost of that fallout is $25,000 — and half of the affected small businesses don’t end up surviving.
To help, the SBA rolled out a new $3 million pilot program to help small businesses develop stronger cybersecurity protections.
Small businesses can also visit CISA.gov. The government website is full of resources for small-business owners, written in a non-technical manner. They help define terms such as phishing and offer simple steps laypeople can take to educate both themselves and their employees.
The Florida SBDC Network has a program and a website dedicated to cybersecurity education and advice. That website offers a guidebook, videos and other information. You can access the webpage here. In addition, Florida SBDC at FIU occasionally holds seminars on the topic.