SMALL BUSINESS CYBERSECURITY
Lately, the news seems to be flooded with reports of ransomware attacks. The Colonial Pipeline, JBS Foods, Kia Motors, and even the NBA (National Basketball Association) have all been victims of these attacks. These attacks made national headlines because they impacted so many, but are large organizations the only targets?
Sure, hacking a major corporation or international brand can score cybercriminals a great payday, but these same organizations have more robust systems in place as well. This makes that payday take more effort.
Small and medium-sized businesses are much easier targets because many have little to no network security to guard themselves from such an attack. In fact, in 2020 alone, there were 304 million ransomware attacks (up 62 percent from the previous year), and that isn't even a record.
2016 showed the most ransomware attacks on record, with over 600 million! 2021 is looking to be more lucrative for hackers, though: at the time of this article's publishing, attacks are increasing at a rate of 102% compared to 2020.
Why Are Ransomware Attacks Rising?
A number of factors have contributed to rising ransomware attacks:
Cryptocurrency becoming more popular. With online currency like bitcoin becoming more widely accepted, it's easier for hackers to encrypt data, demand a ransom and get paid with little risk.
Why is this?
Cryptocurrencies are untraceable. In addition to most cyberattacks in the US being carried out by foreign hackers, this added layer of anonymity makes it even more difficult for investigators to pinpoint exactly where a hacking threat is occurring.
Work-from-home becoming more popular. Remote work has been a thing for a while now, but the global pandemic kicked it into high gear for most companies. Unfortunately, companies were able to move toward virtual meetings and workforces quickly, but not all IT departments were able to keep up.
Simply put, remote workforces are harder to protect. But why is that?
It is well understood that an organization's employees are its greatest assets and greatest weaknesses. Many companies make great efforts to ensure their employees are well trained on how to spot phishing attempts and suspicious links.
But with the rapid implementation of remote work, company assets (e.g. laptops) entered unprotected and untrained space. Hackers don't care who let them in; they just care that they gained access. So when little Jimmy used his dad's laptop to play games online, a vulnerability was created.
Additionally, the use of home WiFi and public internet has made work-from-home employees more vulnerable to attacks. Most employees aren't aware that their home internet router is a firewall... with all of the ports open for hackers to enter. Small vulnerabilities like this make working from home tougher on an IT department.
Why Are Small Businesses Hacking Targets?
Small businesses are small fish to hackers. That's no secret. The payout from infiltrating the network of a $10 million company is significantly lower than from a billion-dollar company. But it's also significantly easier.
Billion dollar corporations have vastly greater resources to withstand hacking attempts than companies that are significantly smaller. They are able to employ teams of experienced professionals whose only jobs are to keep their company's technology protected and working.
Simply put, small businesses often treat dedicated IT professionals as more of a luxury than a necessity. Often, these positions are covered by a tech-savvy employee who is doing double duty, like serving in the admin or sales and marketing department.
Additionally, billion dollar companies can afford a reputation hit. What was the last billion dollar corporation that you heard about going under after a ransomware attack?
But the reality is that over half of the small businesses that are hit by ransomware go out of business 6 months later. This is because the ransomware costs a small business money, but the reputation damage costs more. How many customers will keep coming back when a small business compromises their personal data?
Unless that small business has something no one can get elsewhere, chances are that customers will find more "secure" means to do business by taking their money to someone who hasn't had their sensitive data compromised.
Small Business Cybersecurity: What Can Be Done?
We've established why small businesses are easy targets for cybercriminals and why a successful ransomware attack is so damaging for a small business to experience.
But what can be done about it?
After all, smaller organizations wish for the same level of robust security as their billion dollar counterparts, but there is a limit to the dollars that can be dedicated to such an effort.
As mentioned earlier, many turn to part-time help from a savvy employee, some rely on basic anti-malware software, and others seek outside assistance. Let me be clear: having something in place is better than having nothing, but the reality is that you aren't likely to have a cyber breach without someone in your company accidentally inviting a hacker inside your network.
90% of breaches are caused by human error. This means you need systems in place to train employees and recover from a breach when, not if, a breach occurs.
Third-party managed services providers (MSPs) are an excellent option for companies that do not have the resources to hire an in-house team. In some cases, MSPs are leveraged to lessen the workload of an IT department, so they can focus on more important internal tasks.
Not all MSPs are created equal, though. As you might have guessed, managed services providers offer a variety of pricing options and services, and all may not be a fit for your company. Many offer reasonable rates per month with a set number of support hours. These often charge a premium when a company needs more than the allotted hours in a given month.
Others offer a flat-rate IT service that is all-inclusive. This can be more beneficial to a company that has more fluid IT needs, with some months being busier than others. If unexpected support is needed (as it often is), you don't have to worry about getting a larger bill that month, making it easier to budget.
Regardless of the decision you make, just make sure to make one. In-house or managed IT services may be an additional cost to the bottom line, but it is better than getting hit with ransomware and being out of business 6 months after. Considering that ransomware victims paid $406 million worth of cryptocurrency to hackers in 2020 (a +300% rise over the previous year), you're simply rolling the dice on your company's future if you wait.
Interested in learning more about managed IT services provided by Standard Office Systems? Contact us today and see how we can increase efficiency and protect your network to give you ultimate peace-of-mind.
Posted by Andre Schafer
Andre Schafer is a Technical Account Manager at Standard Office Systems. He has spent his entire career in the Office Technology and IT fields. For nearly 30 years, he has held various roles, including Technician, Trainer, Analyst, and Account Manager. Andre’s focus has always been to understand his customers' business needs to provide the appropriate technologies and services.