A cybersecurity plan for my small business? You’re thinking, “I don’t need one.” And you’re not alone. According to a study published in TechRepublic in 2019, 66% of small and mid-size business owners don’t believe they’re at risk of a cyberattack. However, this is not the reality of cybercrime. According to Symantec, 43% of small businesses are targeted by cybercriminals. The problem is compounded by the fact that most small business owners lack cyber insurance. The financial and reputational damage puts 60% of SMBs out of business within six months after a hack. Therefore, you must be proactive and implement a cybersecurity plan.
Small Businesses are Not Safe From Hackers
Between 800 and 1,500 small businesses were affected by a ransomware attack on July 5, 2021. The target was Kaseya, a U.S.-based information technology firm. However, the victims were primarily Kaseya’s customers. Kaseya provides software tools to outsourcing shops that handle IT tasks for businesses that are too small to have a tech department or cannot afford one. Unfortunately, one of its tools was compromised, and hackers paralyzed hundreds of SMBs on five continents.
The majority of the victims were small businesses, including accountants, doctors, and dentists. In Sweden, the attack forced supermarkets to shut down because their online cash registers were disabled, and in New Zealand, schools were forced to close. The hackers demanded $70 million to restore all affected data.
The Pandemic and Its Impact on Digitization
The pandemic created a nightmare for the entire world. In the face of forced closures, everything went online. Consumers turned to e-commerce to take care of all their needs. Businesses with no online presence either created one or faced permanent closure. Even SMBs with a small digital presence, such as a website and social media channels, found that they needed to digitize their entire business model. The result is that the attack surface expanded, and cybercriminals wasted no time exploiting the new vulnerabilities.
Enlarging your online footprint also means storing more customer data on your servers, such as credit card information, addresses, and phone numbers. But even if you’ve managed to maintain an offline presence, you still have third-party applications and online services that you access daily.
Remote and Hybrid Work Environment
Dave Wreski, CEO of Guardian Digital, said that phishing attacks had increased by 600% due to COVID-19. A phishing attack on a small company can be devastating, both financially and to its brand reputation. Rashaad Bajwa, CEO of Domain Technology Partners, notes that remote access to confidential company files from home computers and mobile devices has also created new vulnerabilities.
Ransomware Attacks Are on the Rise
More than half of all ransomware attacks are against small businesses with fewer than 100 employees.
You Need a Cybersecurity Plan to Protect You From Supply Chain Hacks
The July 5 Kaseya cyberattack was a supply chain hack. Cybercriminals targeted software vendors or IT service providers and thereby infected Kaseya’s customers. The attack impacted more than 1,000 small and mid-sized businesses. According to cybersecurity experts, supply chain hacks are a looming security disaster for the SMB industry.
How does a supply chain hack work?
Rather than exploiting a weakness in the security of a single company, supply chain hackers infiltrate a trusted company that supplies IT services to many small and mid-size businesses. They insert malware into the “supply chain” of software updates that the provider pushes to its customers’ computers. IT management firms have unlimited access to their customers’ computers, making it easy for hackers to install a virus without detection. It can spread to thousands of computers simultaneously. By demanding a collective ransom, cybercriminals believe they can up the ante and secure even larger payouts.
How do you protect yourself from supply chain hacks?
Cybersecurity experts say that protection from supply chain hacks is not easy. If you outsource your IT and other digital services, you’re at risk. They recommend you do at least these three things:
- Make a list of all outside IT and external software vendors. Try to limit the list as much as possible. The more vendors you use, the greater your exposure.
- Ask your outside vendors what kind of cybersecurity plan they have implemented to keep themselves safe from hackers. Increased reliance on internet-connected management tools means that you have to be more diligent in demanding that your vendors take steps to protect you.
- Cybersecurity experts recommend that you review how your IT providers install software patches. David White, president of Axio, a cybersecurity firm, says it’s time to move away from the “patch as often as possible, as quickly as possible” routine. In some cases, White says, reliable IT providers are not implementing the necessary antivirus protection in their haste to install the patches as quickly as possible.
Yes, You Need a Cybersecurity Plan for Your Small Business
Begin by assessing your risks:
- Is someone on your IT staff responsible for cybersecurity monitoring? Or have you outsourced cybersecurity protection?
- Are your employees adequately trained in cybersecurity risk management?
- How secure is your network?
A Recommended Cybersecurity Plan From the Experts
Install software updates as soon as they are released.
- Software updates include the latest patches to defend against current threats.
Establish a routine for assessing your risk footprint.
- Install vulnerability scanning tools that will monitor your website, databases, networks, and software. Vulnerable network infrastructure is an open door to hackers.
- Use firewall protection, VPNs, and antivirus software.
- Remind your team they should not disable the antivirus systems you’ve enabled to make it easier for them to download or transfer files.
Provide training to your team.
- Education is prevention. An IBM study reports that approximately 95% of all cybersecurity breaches are due to employee error.
- Plan routine training meetings to bring your staff up to date on the latest threats and security requirements. Answer questions and share ideas for more robust cyber defense strategies.
- Educate your staff about the most common cybercrime tactics, such as phishing, malware, social media spam, and social engineering attacks.
Use strong passwords or two-factor authentication.
- One of the most common weaknesses exploited by cybercriminals is weak password protection.
- Require everyone on your team to use two-factor authentication or use a virtual private network and set up a password manager profile for all employees. Use both for maximum protection.
- Affordable multifactor authentication tools such as free MFA tokens from Microsoft or Google Authenticator provide an extra layer of security against cyber attacks. Even if a hacker steals the password, they won’t have access to the employee’s mobile device, which is needed to complete the login.
Back up all your data.
Ransomware attackers lock access to all your files and data and then demand that you pay them—the more extensive your data, the higher the ransom. Additionally, there’s no guarantee that you will have full access to your locked data even if you pay the ransom. Therefore, backing up your data is critical. Cloud-based data backup is highly recommended by cybersecurity experts because there is less risk of data corruption. And your team can access data no matter where they are.
Protect all devices.
If you are one of the many small businesses that have switched to a hybrid working environment, you should take steps now to protect all devices, including laptops, tablets, and phones. Apply the same data encryption, password management, and software updates to all devices your employees are using remotely.
Cybersecurity Tools for Small Businesses
A dedicated IT staff is the optimum tool to protect your business from cyberattacks. Still, if your budget can’t afford it, the Small Business Association recommends these resources.
- The Federal Communications Commission (FCC) cybersecurity planning tool helps you build a cybersecurity plan relevant for your business.
- The Department of Homeland Security (DHS) offers a Cyber Resilience Review to assess your resilience to cyber attacks. You can do the assessment yourself or secure a facilitator.
- DHS has another tool that can help you secure your internet-facing systems from known vulnerabilities. The agency’s cyber hygiene vulnerability scanning gives you a weekly report that you can act on immediately to safeguard your data.
- The Supply Chain Risk Management Toolkit, developed by the DHS Cybersecurity and Infrastructure Agency, will help you protect your business information and communications technology from supply chain hacks.
A cybersecurity plan will not only save you money but will protect your reputation. You may recoup the financial loss, but the damage to your brand reputation can be so severe that you don’t recover from the cyber attack. So no matter the size of your business, you need a cybersecurity plan.