Have you felt more secure from cyberattacks because you have a smaller business?
I speak to small business owners that always say: "We couldn’t possibly have anything that a hacker could want?" or even "I don't think they even know about my small business."
Given that we work with businesses mainly in Mount Isa and Gladstone, this is especially prevalent. Just because we live a country town, doesn't make our internet connection any less open to global attacks.
A new report by cybersecurity firm Barracuda Networks debunked this myth. Their report analysed millions of emails across thousands of organisations. It found that small companies have a lot to worry about when it comes to their IT security.
What they found was actually quite shocking.
Employees at small companies saw 350% more social engineering attacks than those at larger ones. The definition of a small company is one with less than 100 employees.
This means small businesses are actually at a higher risk of falling victim to a cyberattack. We’ll explore why below.
Why Are Smaller Companies Targeted More?
There are many reasons why hackers see small businesses as low-hanging fruit. And why they are becoming larger targets of hackers out to score a quick buck.
Small Companies Tend to Spend Less on Cybersecurity
Sometimes it can be this simple. When you’re running a small business, it’s often a juggling act of where to prioritise your cash. Cybersecurity may be important to you, but it may not be at the top of your list. So, at the end of the month, cash runs out, and it’s moved to the “next month” wish list of expenditures. And the never-ending cycle continues.
Small business leaders often don’t spend as much as they should on their IT security. They might buy an antivirus program thinking that’s enough to cover them. But, with the expansion of technology to the cloud, that’s just one small layer. The simple truth is you need several more layers.
You need more layers because hackers know all this and see small businesses as an easier target. They can do much less work to get a payout than they would trying to hack into an enterprise corporation, especially one that values cyber security.
Every Business Has “Hack-Worthy” Resources
Every business, even a 1-person shop, has data that’s worth scoring for a hacker. Credit card numbers, TFNs, bank details, and email addresses are all valuable. Cybercriminals can sell these on the Dark Web. From there, other criminals use them for identity theft.
Here are some of the data that hackers will go after:
- Customer records
- Employee records
- Bank account information
- Emails and passwords
- Payment card details
Small Businesses Can Provide Entry Into Larger Ones
If a hacker can breach the network of a small business, they can often make a larger score. Many smaller companies provide services to larger companies. This can include digital marketing, website management, accounting, and more. What's that age old saying? "The chain is only as strong as it's weakest link."
Vendors are often digitally connected to certain client systems. This type of relationship can enable a multi-company breach. While hackers don’t need that connection to hack you, it is a nice bonus. They can get two companies for the work of one. It's the lotto for them.
Small Business Owners Are Often Unprepared for Ransomware
Ransomware has been one of the fastest-growing cyberattacks of the last decade. So far in 2022, over 71% of surveyed organisations experienced ransomware attacks.
The percentage of victims that pay the ransom to attackers has also been increasing. Now, an average of 63% of companies pay the attacker money in hopes of getting a key to decrypt the ransomware.
Even if a hacker can’t get as much ransom from a small business as they can from a larger business, it’s worth it. They often can breach more small companies than they can larger ones. Put another way, and to strengthen our point, small businesses are easy targets.
When companies pay the ransom, it feeds the beast and more cyber criminals join in. And those newer to ransomware attacks will often go after smaller, easier-to-breach companies
Employees at Smaller Companies Usually Aren’t Trained in Cybersecurity
Another thing is not usually high on the list of priorities for a small business owner. Ongoing employee cybersecurity training is often put on the back-burner. They may be doing all they can just to keep good staff. Plus, priorities are often sales and operations.
Training employees on how to spot phishing and password best practices usually isn’t done. This leaves networks vulnerable to one of the biggest dangers, human error.
In most cyberattacks, the hacker needs help from a user. It’s like the vampire needing the unsuspecting victim to invite them inside. Phishing emails are the device used to get that unsuspecting cooperation.
Phishing causes over 80% of data breaches.
A phishing email sitting in an inbox can’t usually do anything. It needs the user to either open a file attachment or click a link that will take them to a malicious site. This then launches the attack.
Simply by teaching employees how to spot these ploys can significantly increase your cybersecurity. Security awareness training is as important as having a strong firewall or antivirus.
Need Affordable IT Security Services for Your Small Business?
Reach out today to schedule a technology consultation. We offer affordable options for small companies. This includes many ways to keep you protected from cyber threats.
Article used with permission from The Technology Press.