If you think hackers aren’t targeting your small to medium-sized business because you’re “under the radar,” think again. On the contrary, criminals see SMBs as “low-hanging fruit,” with a tempting combination of valuable customer data and inconsistent security. Although more than 95 percent of businesses are considered SMBs, the best-of-breed security solutions available are designed for well-staffed and well-funded enterprise operations.
According to the Department of Homeland Security, 74 percent of small businesses suffered some kind of security breach in 2015. Cyber criminals use phishing, fake invoices, ransomware, and other techniques to steal banking information from the SMBs themselves, in addition to their unrelenting attempts to steal customer information. A recent study commissioned by IBM estimated the cost of a data breach at $154 for every compromised record.
In many ways, SMBs are more at risk due to patchwork solutions, IT teams that are small or underfunded, and little time available for ongoing training. Hackers may not get as many records, but they often find them easier to get and therefore more profitable.
While retail giant Target may have been able to afford the $39 million settlement cost of its 2013 data breach, many SMBs would be bankrupted by a breach a fraction of that size.
The top threats to SMBs usually come in one of these forms:
- Ransomware - Malware, typically distributed via phishing, can encrypt the target company’s data. The criminals then demand payment in the form of untraceable Bitcoin digital currency. A recent variation of this scheme enlists the victim to help spread the malware as “payment” to regain access to their own data.
- Hackers - Hackers access your network, typically through an unpatched vulnerability in one of your applications, in order to obtain customer or employee bank or credit card information. Even with vigilant upgrades, attacks are still possible.
- Denial of Service - A Distributed Denial of Service (DDoS) attack maliciously overwhelms a company’s website with massive amounts of traffic sent at once from multiple servers.
- Human Factor - Human error is the most difficult form of data breach to prevent, as there may be dozens or hundreds of people in your SMB who have access to sensitive data, yet lack the knowledge to protect that information. Usually, this kind of expertise is unrelated to their job description and therefore not part of their training, and sometimes it comes down to common sense. One scheme that exploits human error and is becoming more common is known as CEO Fraud, in which a criminal sends an email pretending to be the CEO and asking for data. Every employee of every SMB needs to be trained to recognize this type of threat. The other human element is employee integrity. SMB leaders don’t like to think their employees are capable of theft. However, the data shows that a growing number of data breaches are caused by insiders.
The Good News
Of course, SMBs can invest in anti-spam and anti-malware software on all devices used within the organization, as well as frequently updating and patching software, investing in training, adding a VPN for remote employees, and using cloud-based backups. However, making this patchwork approach even somewhat effective takes a lot of money and skill.
Another option is to engage a Managed Service Provider (MSP). A large, well-funded MSP, like Vology, can bring enterprise-level security to your SMB and do so in a cost-effective manner. The MSP can provide 24/7/365 monitoring and support while incorporating best practices across many industries and delivering infrastructure at a scale that makes it affordable.