Cybersecurity for Small Business by the Numbers

When it comes to cybersecurity for small businesses, there’s one thing we can all agree on – cyber-attacks will persist. Unfortunately, they will do so with increased numbers and a more systematic fashion.

 

Statistics can be tiring. No doubt, you’ve seen your fair share. But the data remains telling. And what they continue to speak is that we’re looking at record numbers of data breaches and ransomware amounts and alarmingly more frequent rates. For the record:

• Data breaches have already exceeded those from last year (ITRC).
• Ransomware attacks will happen every two seconds, thanks to advanced malware payloads (Cybersecurity Ventures).
• Ransomware payments increased 82% to a record $570,000 in the first half of 2021 (Palo Alto Network Unit 42).
• Supply chain security breaches impacted 97% of firms (BlueVoyant).
• Supply chain attacks rose 42% in Q1 this year.
• Finally, Internet of Things (IoT) devices suffer an average of 5,200 cyber-attacks monthly (Cyber Magazine).

Is that enough to bore you?

Well, maybe this will get your attention. So let’s look at cybersecurity-related specifically to small and medium-sized organizations.

Cybercrime for Small and Medium Businesses

We’ve long since passed the point where you can claim threat attackers won’t target you as a small business owner. YOU WILL.

Sorry, but here are some more statistics you should take note of:

• 43% of cyber-attacks target small businesses, but only 14% of those small businesses have the tools in place to defend against a cyber threat (Embroker) adequately.
• 45% of small and medium businesses (SMB) indicate ineffective cybersecurity processes (Ponemon Institute).
• 66% of SMBs experienced a cyber-attack with the past 12 months.
• 69% of SMBs state attacks are more targeted.

 

If attacked successfully, you’ll endure long-term costs for the breach. But, more importantly, the effects can extend months or even years owing to extended costs that include data loss, business disruption, system downtime, notification costs, and more. Plus, most SMB owners fail to recognize the damage done to their company’s brand.

 

By the way, the most prevalent attacks on SMBs are phishing (57%), compromised or stolen devices (33%), and credential theft (30%).

OK. You get the point.

Now, here’s the big question: What can you do to protect your small business from cyber threats?

15 Proven Ways to Improve Cybersecurity for Small Business

So, what can you do to avoid becoming another statistic? Generally, there are some sure-fire IT solutions to improve your cybersecurity posture significantly as a small business. Realistically, the more of these solutions you deploy, the more secure your operation.

One of your best weapons is diligence and establishing a cyber-aware organization. Apart from that, here are 15 IT solutions that, used collectively, will put you on the path to becoming virtually hack-proof.

1. Cybersecurity Training 

What your employees don’t know can hurt you. So, a little training can go a long way to eliminating cyber-attacks. Cyber awareness training, for example, alerts employees on the queues associated with cyber threats.

It also helps create a more cyber-driven company culture where employees check links and email addresses before clicking or responding. In addition, training can inform employees about keeping sensitive data on personal devices and downloading files from unverified sources.

According to the Aberdeen Group, cyber awareness training can reduce security by 70%.

2.  Next-Gen Firewall

This solution is the quintessential no-brainer. When used to enforce security policies, firewalls block more than 90% of network attacks. But, of course, hackers know that and devise even more sophisticated attacks to circumvent firewalls. Remember, no single IT solution will block a hacker. So, you’ll need layers of security. But a firewall is a must starting point.

3. Microsoft Configuration

Let’s face it. Microsoft is a significant target for threat actors. Why? First, it’s the most common business computer tool in the world. Second, cybercriminals target Microsoft through macros – resources used to complete tasks more efficiently.

Macros deliver code, and hackers often exploit it to introduce their instructions. You reduce your risks by going into Microsoft’s setting and only allowing trusted macros. In addition, make sure users only add new macros from properly vetted resources.

4. Routine Software and System Updates

Another simple solution. Failing to update software, for instance, may lead to crashes or system failures. Worse still, it leaves an open door for hackers.

According to reports, 80% of breaches are preventable if an organization updates its software. In many instances, you can automate software and system updates. However, for those you can’t, set up a schedule for manual updating.

5. Whitelist/Blacklist Applications

Every business has essential applications like email, payroll, scheduling, and more. Whitelist those applications. By the same token, if you’re aware of applications that might prove a threat to your business, blacklist them to avoid compromise.

6. Data Backups

OK, so data backups won’t prevent a cyber-attack. But they’re still mandatory to allow you to recover from a cyber-attack. In addition, backups may also save you from having to pay a ransom. But did you know that 60% of backups are incomplete? Plus, more than 50% of data restores fail (Hosting Tribunal).

7. Password Practices

How’s this for scary? Fifty-one percent of people use the same passwords for work and personal accounts. Plus, another 57% of people, even though already scammed, continue to use the same password. Moreover, “123456” is still used by 23 million account holders (DataProt).  

At the very least, you need to implement appropriate password protocols or even deploy a password manager. In addition, many experts recommend eliminating passwords in favor of user and entity behavior analytics (UEBA) strategies.

8. Deploy Multi-Factor Authentication

MFA blocks malicious actors by requiring a second authentication factor versus your password alone. Microsoft, for example, has touted MFA as having the capability to block 99.9% of cyber-attacks.

MFA is a simple tool that adds verification layers to confirm the identity of users. Best of all, applications and services widely support it. So even if a hacker comprises a password, the second security stage helps prevent a breach.

Unfortunately, SMBs seldom enable MFA. For example, only 34% of employees at companies with 26-100 workers use multi-factor authentication. However, for organizations with fewer than 25 employees, its use drops to 27%.

9. Identity Access Management 

IAM defines and manages user access privileges. It reduces points of failure and even adds tools to catch mistakes. As a result, a survey by KPMG reported that 92% of companies plan to increase their investment in IAM.

Zero-trust is a crucial practice of identity access management and quickly becoming the most affordable and critical component of cybersecurity. Indeed, it has even reached federal policy levels, as President Biden’s executive order in May of this year called for increased national cybersecurity through the use of zero-trust, MFA, and improved encryption.

10. Endpoint Security

Even as a small to medium-sized business, your endpoints continue to expand. For example, remote workers, IoT devices, wi-fi connections, smartphones, laptops – each of these devices present security risks requiring endpoint security best practices.

Ponemon Institute determined that 68% of organizations experienced one or more endpoint attacks in the previous 12 months. Plus those attacks compromised data or the company’s IT infrastructure. In addition, 68% of IT professionals cited an increase in endpoint attacks.

Indeed, endpoint vulnerabilities have become so prevalent that the global market for edge computing projects to $250 billion by 2024. As a result, next-gen endpoint security has emerged as a more trusted IT solution for endpoint protection.

11. Mobile Device Policy 

Your employees rely on mobile devices for checking emails, opening and sending documents, video conferencing, and much more. But here’s the catch. At least 40% of mobile devices worldwide are inherently vulnerable to cyber-attacks.

Despite the wide use of mobile devices for business (90% of U.S. employees use their smartphone at work),  companies, especially SMBs, are typically lax about their use:

These figures reflect the need for organizations to pay much greater attention to mobile devices policies or suffer the consequences. But only 64% of companies have a written mobile device security policy.

12. Incident Response Plan

Like data backup, an incident response plan doesn’t prevent a cyber-attack. However, it does allow for proactive management of a cyber incident in the event of a successful breach.

Even though an IRP mitigates your risk and helps control an incident quickly, 77% of organizations have no such plan, according to IBM. Moreover, even if they have a plan, they fail to test it regularly to make sure it will work as planned.

13. Continuous Network Monitoring

Unfortunately, when it comes to your network, the notion of “set-it-and-forget-it” doesn’t apply. Well, not unless you’re looking to open doors for a cyber breach. Networks require 24/7 monitoring — period.

Now, of course, as a small to mid-sized business looking at cybersecurity, you may think that’s improbable. But, the good news is that there are resources to help. For example, more advanced managed IT service providers typically partner with a Security Operations Center.

A SOC ensures continuous network and traffic monitoring. Equally important, it actively looks for threats to mitigate them quickly. And best of all, SOC services are surprisingly affordable when purchased through an IT company.

14. Cyber Insurance

Unless you’re actively deploying many of the cybersecurity IT solutions presented, there’s a good chance you’ll not only experience a cyber-attack but likely a successful cyber-attack. So, it pays to have cyber insurance.

As you might expect, premiums continue to rise. Most insurers, for example. have increased their premiums by 50% or more. Needless to say, as cyber threats continue to evolve, you can expect even higher premiums in the years ahead.

Despite the threat landscape, slightly more than 33% of U.S. companies have a cyber insurance policy.

15. Get Help From Experts

When it comes to cybersecurity for small businesses, here’s the final piece of advice — get help with some level of IT support. Unfortunately, the cyber-world is too large and too evolutionary for you to handle it alone. So a few well-invested dollars with a managed IT services firm or cybersecurity company near you can go a long way to preventing you from becoming a statistic, as mentioned earlier.

How Are You Handling Cybersecurity at Your Small Business?

So, what’s your approach to cybersecurity? Hope nothing happens? Put a firewall and anti-virus software in place?  Go to bed at night and say a prayer?

Our IT support company gets small and medium-sized businesses. It’s what we do. As a result, we deliver an array of IT services designed to make your business more efficient. But equally important, we’ve designed our IT support to make you safe.

We provide a layered security solution that substantially reduces your risks so you can sleep at night. So talk to us. Plus, we’ll get the ball rolling with a FREE penetration test. We’ll identify what data is open to hackers to help you fix and avoid a breach.