Small and mid-sized businesses (SMBs) deal with quite a bit of challenges in keeping their companies afloat and thriving. Production, distribution, marketing, labor, research and development, customer service—these are just a few areas that keep SMB owners and managers busy. Amid these important everyday responsibilities, cybersecurity sometimes gets lost in the shuffle. According to a 2017 survey by Manta, 87 percent of small businesses interviewed do not think they are at risk of a data breach.
Unfortunately, companies of all sizes are not that safe from cyberattacks. SMB security threats are plentiful, and they can be more damaging to your organization than you can imagine. If the aforementioned production, distribution, marketing, labor, research and development, and customer service are tied into your computer system, one precise cyberattack can take down everything. Larger companies are bruised by such attacks but are usually able to withstand the breach. However, SMBs might never recover from a devastating cyberattack—the margin of error is simply too slim to have their systems down for a few days.
One of the first and best defenses SMBs can take is knowing what threats are out there and what measures they can take to counter those threats. Many organizations choose to partner with a third-party expert to bolster their cybersecurity; others attempt to set up their own measures to protect their systems. Either way, here are four SMB security threats that businesses in Southern California should be aware of:
Ransomware is fast becoming the most serious threat facing today’s SMBs. Simply put, ransomware is a malicious software that infects a system and encrypts data for the hacker, who essentially holds your system hostage until you pay a “ransom” to get it back under your control. Protecting against ransomware requires two strategies: robust backup systems so you can ditch the infected data and start anew with minimal disruption, and preventing the ransomware from ending up in your systems in the first place. The alternative is paying the ransom or permanently losing access to data—and neither option is palatable for SMBs already under tight budgets. In some circumstances, it may also be possible to pay the ransom and still lose the data.
Phishing relies upon email to trick users into opening unsafe attachments or providing personal and/or sensitive information (such as account logins and passwords). You would think by 2018, everyone would know not to open suspicious emails, but it still happens, thanks in no small measure to phishing attacks becoming increasingly sophisticated (e.g., a fake subject line of “There was a problem with your Amazon order” along with a deceptively convincing email message) and simple human nature (who doesn’t want their Amazon order to arrive on time?). Strong spam filters and firewalls, as well as better education, can counter phishing attacks and deny the system access that the bad guys are working hard to get from your unsuspecting employees.
Once upon a time, really not that long ago, cybersecurity was keeping just servers and computers safe. Laptops gradually changed this, but when smartphones and tablets exploded for business use, a whole new cybersecurity focus emerged. If anything, this focus is still emerging, with many SMBs not understanding or addressing the threats they face with mobile devices. For example, a work computer might require a login to turn on the machine, then a password to access the system, and other safeguards to get to email, chat, and so on. Users rarely set up all those hoops on their smartphones—one lost or stolen device can give the finder/thief unfettered access to your company.
Unless you are a tech SMB, most of your employees do not possess any sort of advanced IT knowledge. This isn’t their fault, necessarily, but it does inherently increase the risk of a data breach. As already stated, employees might unwittingly open an email they shouldn’t open or leave their smartphone behind at a coffee shop. They might also use weak passwords and fail to follow best practices with their system usage, or start fiddling with servers and system controls and inadvertently weaken the company’s cybersecurity. Whatever the cause, human error is a significant security threat for SMBs—one 2015 survey attributed 37 percent of data breaches to people just being people. A diligent technology services partner can significantly reduce this risk and educate your employees on best practices so that they aren’t accidentally contributing to the struggle you might face against hackers.
What security threats has your SMB dealt with?