The other day, one of our clients asked me about network security; specifically he asked about the top cybersecurity threats to small- to medium-sized businesses. It is a great question—one I’ve been asked time and time again since a recent Symantec study found that 40% of cyber-attacks are against organizations with fewer than 500 employees. (In fact, Optimal Networks employees have been asked about cybersecurity for SMBs so frequently that cybersecurity took the #1 slot in our biannual tech trends brief.)
Even more startling than the rate at which cybercriminals are attacking SMBs? According to the National Cyber Security Alliance, one in five small businesses falls victim to cybercrime each year. And of those, some 60% go out of business within six months after an attack. Why?
Because small companies act as gateways to larger companies, and they are not adequately prepared to defend themselves against attackers—or prevent attacks altogether.
One reason for this is that businesses feel they are safe, despite reporting across a variety of industry surveys that they lack robust cyber-attack defenses and protective employee policies.*
What are cybercriminals after when they target small- to medium-sized businesses?
Your data, your clients, your vendors…but most of all, your vulnerability. Smaller companies are attractive because they tend to have weaker online security and are often gateways to larger companies.
What are the top cybersecurity threats to small- to medium-sized businesses? (How are cybercriminals accessing them?)
- Absence of Password Policy. If you allow clients or vendors to access private info on your network via a password, you better make sure you have a comprehensive password policy in place. Is two-factor authentication required? How long do passwords need to be?
- Website. Often SMBs don’t invest enough money in securing—and regularly patching—their website. This is how many cybercriminals can gain access to company networks and distribute malware to all visitors.
- Connected Devices. Routinely, cybercriminals gain access to networks (and data) through connected devices—like printers. Do you have security measures in place to protect against a lateral attack of this nature?
- Your Employees (or Former Employees). What happens to desktops, laptops, and mobile devices when an employee leaves your company? Are security measures in place to ensure mobile devices are wiped clean and access is denied?
What can small- to medium-sized businesses do to better protect themselves against cybercriminals?
Do your policies address system usage and access, and ways to manage change? Do they provide an audit trail for you organization? Do they dictate how to handle an employee leaving or being terminated? Do you have a comprehensive BYOD plan in place to protect your data?
Evaluate your current security elements and policies by asking:
- What do we intend to protect?
- How are these elements being protected?
- Do our policies and operations support the protection of these elements?
From comprehensive data security policies to regular security audits, being overly prepared is better than being victimized. And it could be the only thing that keeps you in business should you become the target of a cybercriminal.
*Recent surveys conducted by the Small Business Authority, Symantec, and the National Cybersecurity Alliance