Most small business owners have a mindset that hackers don’t want to target them. This is far from the truth. Hackers understand that big companies have the resources for sophisticated security and small businesses don’t. Small businesses are now big targets for hackers.
Small businesses’ percentage of IT budget directed to security has been increasing from 4.9 percent in 2010 to 7.9 percent last year, according to Ponemon Institute’s annual IT security tracking study, but their spending on security still is no comparison to big companies.
Many small businesses are under-capitalized and outgunned, which makes them great targets for hackers. Hackers sometimes target small businesses with the goal of breaching a larger company connected to the small business. Target’s data was famously breached. But few people know that the company’s vast database was actually hacked through its HVAC vendor. That attack ended up costing Target $39 million in settlements and affecting 40 million customers.
These breaches can be devastating. Small businesses may have access to huge amounts of data. So after a breach, small businesses can find themselves out of business and dealing with big lawsuits.
Small Businesses in State Capitals at Greater Risk
If your small business is located in a state capital, your risk is even higher. Computers in America’s state capitals have 224% more infections than the rest of their home states. That’s according to data recently released by ESG, makers of the anti-malware program SpyHunter. ESG looked at the malware infection rates detected on SpyHunter in each state capital and compared it to the average infection rate for the entire state.
In 43 of the 50 states, the infection rate was higher in the state capital, in some cases, dramatically so. The capitals in Georgia, New York, Utah, South Carolina, West Virginia, and Pennsylvania each had infection rates that were more than 500% higher than the rest of their respective states. On average, the infection rate in capitals was 224% higher.
“It didn’t matter if it was a big state, small state, large capital, or small capital, infections were almost always higher,” said ESG spokesperson Ryan Gerding. Because ESG’s infection data doesn’t identify exactly who is being infected or how they got the infections, it’s tough to know for certain exactly why infections rates are so much higher.
As More Cybercriminals Target Small Businesses, What Can You Do?
Start with a Risk Audit
The best defense starts with a basic security audit of key assets. Companies who analyze risk better manage cyber threats. Smaller businesses should undertake risk audits to help define the areas they may be at most risk. Take a step back and know what you need to protect.
You may be surprised at the amount of data that needs protecting and the number of vulnerabilities your small business has; because whether you realize it, or not, all of your data is valuable.
Employee Error
Many malware attacks may begin with simple employee error, such as clicking on a malicious link. Accidental breaches caused by employee error or data breached while controlled by third party suppliers continue to be a major problem. According to insurer Beazley’s Breach Insights findings based on its U.S. client data in the first six months of 2017, breaches cause by employee error account for 30 percent of breaches overall, only slightly behind the level of hacking and malware attacks.
Small businesses should create a culture of security. Security awareness training for employees is one of the most important and effective means of reducing the potential for costly errors in handling sensitive information and protecting company information systems. Awareness training can ensure employees have a solid understanding of employer security practices and policies, as well as the tell-tale signs of an attempt to gain improper access to computer systems and confidential information.
Back Up Data
Regularly backing up data is the most important thing you can do. Automatically storing your backup in a secure cloud is great defense. Malware can delete files, or worse, hackers can encrypt your entire computer effectively blocking you from retrieving any of your files unless you pay a hefty ransom.
In 2016 San Francisco’s light rail transit system was thrown offline for the entire day by hackers. The attackers demanded 100 Bitcoins, worth about $73,000, but the SFMTA refused to pay the ransom, stating they “have an IT team on staff who can fully restore all systems”, as reported by USA Today. Which was possible only because they have adequate backup in place for situations like this. It was operational the next day.
It’s also a good idea to have a backup stored on a physical drive. Have the physical backup located off-site in case of fire, physical theft, or some other calamity.
Bottom Line
Small businesses need to realized they are being targeted by hackers. Start with a risk audit and realize you are at greater risk if you are in a state capital. Backup your data and ensure you have a training program in place to minimize employee error.
Photo via Shutterstock