Many small to midsize businesses (SMBs) operate under the assumption that hackers only target large enterprises. These SMBs believe they have nothing of value for cybercriminals to steal, or that they’re too small or obscure to be noticed.
That’s a very dangerous assumption.
In a recent survey of 1,069 owners of U.S. businesses with fewer than 300 employees, 58 percent said they had experienced a cyberattack. The most common types of attacks included computer viruses (36 percent), phishing (29 percent), Trojan horses (13 percent) and hacking (12 percent). In addition, 7 percent had experienced a data breach and another 7 percent had fallen victim to a ransomware attack.
Such attacks are becoming more common and can potentially cripple an organization’s operations and reputation, and cost hundreds or thousands of dollars to remediate. More than 20 percent of cyberattack victims spent at least $50,000 and took longer than six months to recover. But 7 percent spent more than $100,000, and 5 percent took a year or longer to rebuild their reputation and customer trust.
Part of the reason why businesses are unable to recover quickly from a cyberattack is that a majority of owners are not prepared. In fact, 57 percent of businesses do not have a dedicated employee or vendor monitoring for cyberattacks — and therefore, could be victims without even knowing it. Further, most have not implemented a cyberattack response plan (76 percent), a plan to protect employee data (57 percent) or a plan to protect customer data (54 percent).
The vast majority of business owners say it’s important to establish the cybersecurity best practices recommended by the U.S. Small Business Administration. However, fewer report actually following those best practices:
- Protect against viruses, spyware and other malicious code: 85 percent versus 65 percent
- Secure networks: 85 percent versus 58 percent
- Make backups of important business data and information: 85 percent versus 59 percent
- Establish security practices and policies to protect sensitive information: 83 percent versus 50 percent
- Control physical access to computers and network components: 81 percent versus 60 percent
- Require employees to use strong passwords and to change them often: 80 percent versus 52 percent
- Educate employees about cyber threats and hold them accountable: 76 percent versus 42 percent
- Protect all pages on public-facing websites, not just the checkout and sign-up pages: 74 percent versus 42 percent
- Employ best practices on payment cards: 73 percent versus 47 percent
- Create a mobile device action plan: 64 percent versus 26 percent
SSD Technology Partners offers a full suite of solutions and services to help SMBs implement and follow security best practices. Our approach focuses on the greatest threats to your organization, and balances strong security with ready access to applications and data. We can help you identify the employee behaviors and workarounds that put your business at risk, and develop policies, procedures and educational tools that close those gaps.
It’s a bad idea to assume your business won’t fall victim to a cyberattack. Let us help you develop a commonsense cybersecurity strategy that protects your systems, data and brand.