Are Hackers Actually Targeting Small Businesses?
In the news, it seems like every month we learn about hackers trying to take down larger companies like Target, Sony, or Walmart, but are cybercriminals actually targeting small and medium-sized businesses with 1-100 employees in Connecticut? Is small business technology usually safe?
IT Safety in Numbers, Right? As kids, we were taught the phrase “safety in numbers” by our parents, and small business owners often like to use that type of mindset when it comes to cybersecurity and data breaches. I’m just one tiny fish in a huge ocean. Why would my small business be targeted out of thousands in Connecticut or Massachusetts? Wouldn’t it make more sense for hackers to chase after the large corporations with more data and more money? Yes and no. Small businesses are a much easier target for hackers due to their insufficient resources, insufficient cybersecurity awareness, and a large number of technical vulnerabilities to exploit. Hackers look for the easiest way to prey on the uneducated, since the risk of being caught is a lot lower.
The Facts about Small Business Data Loss Symantec, one of the world’s leading cybersecurity technology companies, released their 2018 Internet Security Threat Report, stating “43% of cyber attacks targeted small business with less than 100 employees in 2017.” That’s a drastic increase compared to the mere 18% of attacks focused on small businesses just a few years back in 2011. In 2018, Verizon reported that “58% of malware attack victims are categorized as small businesses.” (Verizon’s 2018 Data Breach Investigations Report)
Unfortunately, data breaches hold devastating effects for businesses. Not only do they carry bad publicity and your clients won’t want to touch you with a 10-foot pole, but businesses that have taken a beating from a data breach often don’t survive. FEMA’s 2017 Report released that “more than 40% of businesses never reopen after a data breach disaster, and for those that do, only 29% were still operating after two years.”
But what about just temporary data loss? FEMA states that “those [small businesses with under 100 employees] that lost their information technology for 9 days or more after a disaster filed for bankruptcy within a year.”
Unfortunately, many CEOs don’t recognize the value of their QuickBooks files, client databases, and documents until it’s too late. That’s why making sure your data backups and cybersecurity protections are in place to prevent data disasters.
Sophisticated Cyber Attack Methods Cybersecurity threats are everywhere, and it’s hard to stay up-to-date with them because are designed to attack in various combinations. It’s not just the common “Prince of Nigeria” or IRS scams anymore. For an overview of the common types of threats out there, see our post on 10 Cybersecurity Threats Every CEO Must Thwart.
Targeted phishing attacks, called “spear phishing”, are proving to be a serious cybersecurity issue for small business owners throughout Connecticut. In these attacks, hackers impersonate an employee with the company they are trying to attack. They’ll ask another employee or even a client to send them account credentials or money. We’ve witnessed a few financial companies in Manchester and Hartford becoming victims of spear phishing and requiring a professional’s help to tighten their network security in just this year alone.
Even worse is that spear phishing just one data breach tactic, and hackers are constantly coming up with new tactics to stay ahead of the game. For example, tricky cybercriminals are mimicking auto-response emails from online sites like Amazon, Walmart, or Verizon. Instead of a link to view your “most recent purchase” or “reset your password”, they place a link to malicious websites that automatically download spyware or ransomware to your computer. Sophisticated hackers may even set up a website that looks like the homepage of Amazon or Verizon with a customer login portal that collects your email and password credentials.
With the rising number of targeted attacks against businesses, small and large alike, it’s vital to understand how to keep your computers, servers, and network safe and secure.
Education is Key One of the best ways to be proactive about cybersecurity is by training your employees to adhere to basic cybersecurity protection policies. Understanding the differences between the legitimate emails and the fake phishing ones, how to keep a clean desk and clear screen, as well as being able to identify the various types of cyber attacks are just a few topics to cover. According to IBM’s 2014 Security Report, “95% of data breaches are caused by employee mistakes.” And most mistakes are preventable.
If you’re uncertain that your employees could correctly identify a malicious attack, contact us here at Encompass IT Solutions in Manchester, CT for our Cybersecurity Employee Training. Find out how well your employees handle your essential business data, as well as give them access to educational videos on cybersecurity awareness. Give us a call at (860) 785-6233 if you have any questions.