Small businesses NEED to take cybersecurity seriously.
We can’t stress this enough—it doesn’t matter what industry you are in, it doesn’t matter how small you are—your business faces serious risk if you aren’t taking proper precautions.
We would rather not sound dramatic. Trust us, we’d rather be telling you about the cool things Artificial Intelligence can bring to the table for businesses, or how Internet of Things devices can provide incredible automation, but it’s not worth investing in any of it unless your IT is properly secured.
Small Businesses Are Being Targeted By Cybercriminals
Usually, when we hear about a cyberattack, it involves major corporations, public organizations and municipalities, or cities and nations. The headlines don’t usually talk about the small businesses that lose thousands of dollars, or the managers that have to send their staff home for a week, or the business owners that need to file for bankruptcy. It’s a very real problem, nonetheless.
Here’s the thing—if big corporations with expensive IT departments and bigger budgets are getting hacked, a smaller business with outdated protection doesn’t stand a chance.
In a 2021 survey, 5,400 IT decision makers were asked if the organization they work for was impacted by ransomware. 37 percent said yes. These were organizations that had active IT staff.
It’s estimated that there have been an average of 4,000 ransomware attacks every single day in the U.S. since 2016. To a criminal, it doesn’t matter what size your business is. They know the value of your data, and they know that a business will pay good money to get back to normal. Very few businesses are going to shrug their shoulders and let all of their data get wiped without considering the options, and if that price is $5000, it’s certainly an option when your livelihood is at stake.
It’s not like it takes a lot of skill for the cybercriminals either. Let’s take a look at that.
The Business of Being a Cybercriminal
First of all, even though we throw around the term hacker, cybercriminals don’t match the old Hollywood trope. We’re not talking about Keanu Reeves in a trench coat or Matthew Broderick from WarGames. Cybercriminals function just like a legitimate business.
It’s often a large office, with policies, procedures, and water coolers. It might be a business that has several different divisions or child companies, or some other complex structure. They might be doing other unsavory work in the background, like running scam telemarketing operations or committing other types of fraud. It’s even possible that there is a legitimate business on the front.
The point is, cybercriminals aren’t bushy-haired teenagers in the basement sitting amongst day-old pizza crusts and too many computer monitors. They come to work, to an office, and they have a quota. Their job is to make money—your money.
These business entities are bent on getting the best return possible, so they are always tweaking their procedures, optimizing what works, ditching what doesn’t… just like any other business.
Otherwise, there really isn’t anything innovative or fancy about these cybercriminal firms. In fact, they aren’t even really as technical as you might think. It was recently discovered that these types of “businesses” often “employ” victims of human trafficking, and put them to work with a process and give them a quota. It’s horribly disgusting, and yet, legitimate businesses are paying the cybercriminals through ransomware attacks.
Don’t look at a ransomware attack like it’s some random guy from overseas trying to scam you out of money; look at it like it’s a finely-tuned machine of corruption that is forcing you to finance the pain and suffering of a huge number of people.
How Do Cybercriminals Target Small Businesses?
While there are a large number of ways that your business can be impacted by cybercriminals, the main way is through email.
Yep, the oldest way to spread malware is still the most effective.
It’s estimated that one in every 6,000 emails contains some sort of suspicious URL or attachment, which includes ransomware.
The cybercriminals treat phishing the same way a business treats marketing. They build out or purchase a list, they construct the emails, and they blast them out to hundreds of thousands, or millions of contacts.
They track their open rate and click rate, and continue to optimize their tactics to get the most return.
Meanwhile, untrained employees are being tricked into clicking on links that give up sensitive information like passwords and account info, or getting their workstation (and the rest of their office network) infected with ransomware.
In other words, the bad guys are just constantly trying to get ANYONE to make a little mistake, and once the right mistake is made, very little can stop the criminals from getting what they want.
This All Sounds Horrible. How Do I Protect My Business?
There’s no single solution that will do the job. Your antivirus isn’t up to the task. The fact that you’re a smaller business, or that you have a spam filter, doesn’t stop you from being attacked.
While you still need security protections like managed antivirus, security updates, patches, spam protection, a firewall, a VPN, and others, it also comes down to how your network is configured, and how much access you grant each individual employee. Establishing policies that only grant employees access to the actual data and directories they need can go a long way. Having your network audited regularly will likely uncover potential issues too.
Finally, it takes training. Your staff needs to be trained on cybersecurity best practices, and taught how to spot a phishing attack, and trained in procedures that don’t allow them to overshare or put your data at risk.
You aren’t alone when it comes to this. At Bardissi Enterprises, we help businesses of all sizes meet complex security compliance requirements, and we can help your business protect itself from this rapidly growing threat. Give us a call at (215) 853-2266 to start the conversation.