It seems that all but the largest cyber-attacks are now fading from the news. It’s certainly not because there are fewer attacks these days – the number of cyber-attacks are increasing both in number and severity. As a managed IT Support company highly focused on cyber security, we keep on top of these things, but the reason you aren’t hearing about the increased volume or severity is simply that we, the public, have already heard so much about cyber this and cyber that, that we tend to become desensitized so the media stops reporting. That’s unfortunate because the fact is, virtually every business is at risk.
Somewhere between 43% and 91% of cyber-attacks are against small to mid-sized businesses (depending on how you calculate “small to mid-sized business”.) In spite of this, a recent Better Business Bureau report shows that 70% of small to mid-market (SMB) owners believe that they are not likely to be targets of cyber-attacks (stealing banking credentials, ransomware, etc.) although these are the companies in cyber-criminals’ sights.
It’s the old “it may happen to someone else, but not to me” syndrome. It’s a disconnect from reality. And this same BBB report showed that 80% of these same business owners were aware of the disastrous potentials of cyber-attacks, but, of course, it couldn’t happen to them! The report goes further to explain why the lack of urgency and why the commitment wasn’t there:
Lack of Cyber-Education
On the surface, cyber-education is easy to understand, but when you start to dig deep, the complexity really shows. Most small to mid-market companies do not have the trained IT professionals they need to properly protect themselves. Hiring an IT staff is a big step and continued training of these individuals, while critical, is expensive and time-consuming. Retaining the services of a managed IT support company is a great option, but selection is difficult because, quite frankly, most of the people within an organization who make the IT support selection, as intelligent and experienced as they may be in business, simply do not have the background to make the very best choice. Selection may be left to choosing which ever company offers the best price. (See our article on Has Managed IT Support Become a Commodity?)
If you have an in-house IT department, on-going cyber security education is a must. It should also be required for every employee.
Lack of Resources
A recent article in Forbes stated, not surprisingly, that many small to mid-sized businesses lacked the resources to implement the level of security precautions that they require. Also, not surprisingly, cyber criminals know this and that’s why they attack small businesses. Their “reward” for breaking into a large corporation may be substantial, but difficult to achieve, so why not go after a large number of smaller prizes?
But there are many things an SMB can do.
1: Education – there are a great number of online resources that can help with cyber security education. Use them
2: Be on the lookout for malicious “phishing attacks”.
3: Avoid bookmarks and shortcuts. Criminals can actually modify these.
4: Never use public WiFi. The hotspots at cafes and coffee shops are not as secure as you would like to think.
5: Use spam filters, content filters, and email encryption.
6: Have an in-depth conversation with a Managed IT Service provider, whether to managed your entire IT infrastructure or to provide valuable assistance to your in-house team (learn about DynaSis Co-Managed/Co-Sourced IT Assistance.)
Lack of Time
No one doubts that running a small company is very time-consuming and we understand that overlooking something that’s “invisible” like cyber security is easy to do, especially when it’s not high on your comfort level scale. But consider this: the most basic goal of cyber security is to keep criminals out. Would you leave your office for the night without locking your front door, even if you were pressed for time? Think about this: going back to the BB report, 80% of consumers would not make a purchase, even though they wanted the product, if they suspected their data was not protected. This is why a large percentage of SMBs whose data is compromised go out of business within six months of a cyber-attack, especially if it is reported in the media.