For many small businesses, breaches and hacking seem like distant threats that happen to someone else—some larger and farther-reaching organization that cybercriminals prefer to target.
In fact, the opposite is largely true. The majority of business security breaches occur at small- to medium-sized businesses, where cyber security is minimal. As with any thief, the easier the target, the more attractive. To skilled cybercriminals, making away with a cache of payment card information and customer data from unsecured small businesses is as simple as plucking a flower from the ground.
A 2016 Symantec report found that small businesses (1 to 250 employees) made up 43 percent of target spear-phishing attacks in 2015, while medium-sized businesses (251 to 2,500 employees) accounted for 22 percent of the year’s attacks.
While the same report did indicate that the risk ratio for small businesses was only about 3 percent—meaning only 1 in 40.5 small businesses experienced attacks—that number is still significant since each attack tends to be more successful in smaller, less secure businesses than in larger companies where cybercriminals have to “play the long game” to achieve infiltration.
Worse, the impact of these attacks on small businesses can be staggering. According to the Denver Post, 60 percent of small businesses that suffered a breach or cyberattack went out of business within six months. More, the number of attacks, range of threats, and variety of targets is only growing with each year.
So, should small- to medium-sized businesses care about internal business security?
The answer is a resounding yes.
In fact, with only a slight investment in basic internal policies that every employee is required to follow and some dedicated prevention software, most small businesses can remove themselves from the “easy target” list and avoid being targeted by all but the most determined hackers.
Below are some simple but effective methods for improving business security standards within small- to medium-sized businesses that will work to scare off any cybercriminals looking for an easy target. While even the most thorough security protocols cannot protect a business completely—hackers can be a creative and determined bunch—most criminals will not bother with smaller organizations that require too much effort, since the time and energy investment is not worth the potential reward.
Employee training
According to Symantec, attacks targeting employees instead of directly targeting the company have increased by 55 percent in the last year. Employees need to understand the nature of the threat in order to prevent mistakes that can allow cybercriminals access to the organization.
Require strong, unique passwords
This might seem like an oversimplified way to ensure business security, but that’s mostly because the majority of users create simple, easily hackable passwords. Require employees to use passwords that are different from their personal accounts, at least 10 characters long (if not more), with a combination of numbers and symbols. Also, make sure that internal policies include locking computers before leaving and that access is not wide open. For instance, a retail associate should not have the password to any bookkeeping records. Those need to be locked and sealed.
Invest in prevention, encryption, and backup software
It might be a factor most business owners did not expect to factor into their operational budget, but business security should be a top priority for all businesses, including the smaller ones. Anti-virus programs, firewalls, email scanning, and internal file encryption for employee and customer information can save any business from serious headaches in the future. It pays to invest early and prevent the damage from ever being done.
The threat is only growing. With each passing year, cybercriminals become bolder and more creative in how they are accessing private, valuable information from businesses of all sizes. Making business security a priority now—before it’s too late—can make all the difference in whether a business survives and thrives in the coming years or struggles to make ends meet after a devastating internal attack that could have been prevented.
