Why Is Cybersecurity Critical for Small Businesses?
Small businesses are vital to the U.S. economy, with around 30.2 million small businesses employing close to 60 million people in recent years. Customers like the unique goods and personalized services this diverse group of business owners can offer. Employees enjoy the atmosphere a small workplace provides. And unfortunately, hackers and bad actors also find small businesses attractive—and lucrative—targets for cyberattacks.
Every small business, regardless of size and service, uses the internet in some way to conduct business—even more so today with the advent of the coronavirus. Hackers exploit unprotected or poorly protected computer systems that have no or out-of-date virus detection systems. This is often the case with small businesses, as owners juggle a variety of financial demands and, as a result, may not invest in effective software or scanning programs that can continuously monitor evolving cyber threats.
In addition, bad actors frequently take advantage of untrained or inexperienced employees unfamiliar with email phishing attempts. This allows them to plant malware or ransomware on a business’s system.
The numbers tell the bad news. In 2019, 43 percent of data breaches involved small business victims, according to a report on data breaches from Verizon.
And a Hiscox Insurance report found that more than half of all small businesses suffered a breach within the last year, and 4 in 10 were attacked multiple times. Cyberattacks cost small businesses $9,000 per incident in 2019, up from $3,000 in 2018—a 200 percent increase. Hacks can be crippling, forcing some companies out of business within six months of being attacked.
Unfortunately, worker-caused errors, whether intentional or not, remain the greatest threat to their employers. This includes clicking on links in phishing emails that give hackers entry into their systems, providing sensitive or financial information to phone-calling scammers, or even sending an email with confidential company details to the wrong person.
Says Baan Alsinawi, the founder and managing director of TalaTek, “With challenging times ahead, businesses of all sizes and in all sectors should continue to make cybersecurity a top priority in 2020. And especially small businesses. They have just as much at stake as their larger counterparts, risking their reputation, loss of client data and overall success when they have a weak cyber plan in place.”
So how do small businesses protect themselves, given their narrow profit margins and constantly shifting financial demands? Alsinawi suggests that these business owners use the same diligence and people skills they draw on to launch their businesses and keep them going.
They should start with:
- Training every employee, full-timers and part-timers alike, on the basics of cybersecurity and cyber hygiene so they feel responsible for helping maintain the business’s security,
- Using teaching drills and exercises based on real-world scenarios employees face every day to test their ability to detect scammers, and
- Educating staff about the dangers of unsolicited emails containing links and attachments that could contain malware or ransomware and stress the need to stay alert for warning signs of these phishing attempts.
TalaTek advises small businesses to follow these best practices to protect their systems:
- Every day, back up and duplicate data and files so they are retrievable if systems are compromised or attacked with ransomware,
- Install and update antivirus, network firewall, and data encryption tools to scan for and counteract viruses and harmful programs,
- Secure mobile devices to access computer systems and networks—these are the most vulnerable entry points, and
- Require employees to use multifactor authentication to access the computer system or network and to regularly update their passwords.