Weak Cybersecurity is taking a toll on Small Businesses

Life among America’s nearly 32 million small businesses has never been easy. According to the Small Business Administration, about 20 percent of small business startups fail in the first year, and half succumb to failure within five years. Larger companies have always had more capital, better access to loans and more staying power.

Lately, survival has become even more difficult for two reasons: one relatively obvious and one less so. Strong demand amid tight supply and high inflation is today’s economic backdrop, and big companies have largely survived because of their size, sophistication and strong ties to suppliers. However, it has been a more difficult path for many small and medium-sized companies, reflecting less purchasing power in the supply chain and less ability to raise wages amid a tight labor market.

This was largely predictable given the times, but the second headache for today’s small businesses, increased cyber security issues, was not.

Because many SMBs haven’t taken cyber security seriously, they are getting breached a lot more. Small businesses have accelerated the adoption of new digital technologies for remote work, production and sales, just like large companies. But they haven’t followed up with significant spending on cybersecurity, even as their expanded computer networks have created new vulnerabilities for phishing and ransomware attacks.

As a result, the risk of a cyber attack to SMBs, which is typically higher than the risk to large enterprises, has grown dramatically over the past two years. In 2020 and 2021, data breaches at small businesses globally increased by 152% compared to the previous two years, according to RiskRecon, a unit of MasterCard that assesses the cybersecurity risk of businesses. This figure is twice as high as among the largest companies in the same period.

Additionally, a 2021 study by IBM revealed that 52% of small businesses had experienced a cyberattack in the previous year, a number that is likely higher now that there are even more cyberattacks. Meanwhile, a recent survey by UpCity, a Chicago-based business services provider, found that only 50 percent of small U.S. businesses have a cybersecurity plan by 2022. Although a small improvement over past, that still means 50% don’t. I don’t have a plan: a major problem.

Given today’s difficult circumstances, it’s no wonder that small businesses are more focused on day-to-day survival. However, long-term survival is likely out of reach without a respectable cybersecurity program. Practically everything, after all, has gone digital. All sensitive personal files are stored on a computer today, and online banking and credit card accounts, as well as financial information for businesses large and small, are accessed. It’s also important to remember that cybercriminals lurk inside and outside company walls.

All of this requires cyber protection, including trained cybersecurity staff and some sort of data recovery and business continuity plan. Unfortunately, however, many small business owners still believe they are too small for cybercriminals to worry about and don’t have enough data to justify a breach.

An important reality they don’t realize is that cyberattacks on large companies are much more likely to attract the attention of federal law enforcement, which no criminal wants. It’s also true that malicious actors know that the world’s largest companies take cybersecurity very seriously. So they’ve increasingly found that instead of fighting an uphill battle, it’s better to target the smaller companies in their supply chains, knowing that their defenses are often much weaker.

Another notion that is often mistaken among small business owners is the financial reality of a cyber breach. Many still think that it is primarily about paying for damages and immediate repairs, more or less similar to other damaging disasters. In fact, much more than that falls on the general ledger, including ransomware payments, lost productivity, increased payroll hours, investigations, regulatory filings, and frequent legal expenses.

There is also the negative impact of bad publicity, in many cases the most affected of all. Eighty percent of consumers will leave a business if their information is compromised in a breach, according to International Data Corporation.

Small businesses need to find ways to more generously fund cybersecurity and seriously plan and create security procedures. They must also adopt ways to better protect data and connected devices from cyberattacks, which like security procedures, are largely about strategy, not finance.

In this regard, here are some tips:

Make security part of your company culture. Studies have found that the human factor was involved in more than 85% of breaches, whether it meant falling for a phishing attack or using easily-crackable passwords. These can be mitigated through expansive awareness programs that don’t stop with a playbook of potential attacks. They also infuse security into the organizational fabric, constantly reminding employees of their responsibility to keep the organization secure.

Deploy anti-malware software and keep it up-to-date. It would be best to have software that protects your devices from viruses, spyware, ransomware, and phishing scams. Make sure it is updated regularly.

Requires the use of strong passwords and two-factor authentication. The easiest way to get into a business network is to guess passwords. Most people use a single password for multiple sites and accounts. All employees must have unique passwords for each of their accounts. Password managers are the best method to achieve this goal.

Back up your data regularly. It is best to have multiple backup copies of your business data. In this way, if you become a victim of several cyber attacks, you are not completely out of the house.

Limit employee access. It makes sense to segment and limit employees to only the systems and data they need to access. By maintaining strict access controls, you will limit the damage any user can do to your network security.

At the very least, these and similar steps can help mitigate cyber stress across the business. According to a recent CNBC/SurveyMonkey Small Business Survey, which regularly polls more than 2,000 small business owners quarterly to gauge their view of the business environment, nearly four in 10 small business owners are concerned about a cyber attack during the next 12 months. Alleviating some of this concern is almost as valuable as stopping an attack.

Robert Ackerman JrAbout the author: Robert Ackerman Jr. is the founder and CEO of AllegisCyber ​​Capital, an early-stage cybersecurity venture capital firm based in Silicon Valley. He is also co-founder and director of the board of DataTribe, a Fulton, Maryland-based seed and early-stage foundry that invests in young cybersecurity and data science companies.

Bob has been recognized as a Fortune 100 cybersecurity executive as well as one of the “Cybersecurity Money Men.” Previously, as an entrepreneur, Bob was the president and CEO of UniSoft Systems, a leading UNIX systems house, and founder and president of InfoGear Technology Corp, a pioneer in the original integration of web and telephony technology.

Editor’s note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire, Inc.

Source link

Related Posts

Next Post