For some companies like Facebook, the private data they collect represents most of their assets. For others, it’s customer data that matters, including information about client purchases, payments, and payment methods. And all businesses produce operational data that competitors would love to get hold of. In fact, sometimes they manage to do just that.
To help you avoid losing your information, we’ve looked into the major data protection threats posed to SMBs. Read on to find out why you need to take protective action, and how to do so to save your career or your business.
Why should SMBs care about data protection?
You can clearly see the answer to this question by checking the USA’s small business cyber-attack stats. Reportedly, more than 50% of US businesses were targeted by hackers in the past year. And if the attacks were successful, the cost of dealing with them averaged around $1 million per attack.
Not many small businesses are capable of dealing with the consequences of a cyber-attack. Most fail to respond when they are targeted in the first place. Given that, it comes as no surprise that 60% of companies targeted by hackers fail within six months.
Even if these numbers are a slight overestimate, they show that doing nothing about the cybersecurity of your business can be fatal. To survive in a world where cyber attacks on companies of all sizes are becoming more common, every one of them needs to take action.
What damage cyber-attacks can do to your business
If you aren’t concerned yet, think about the fate of SMBs who failed to meet the challenge posed by cyber-attacks. Below are just a few examples to consider.
Back in 2012, Efficient Escrow was a thriving Californian payments company with a bright future ahead of it. Unfortunately, multiple cyber-attacks that made fraudulent wire payments to Russia and China drained more than $1.5 million from the company and its clients. Facing action from state regulators, Efficient Escrow was done by mid-2013.
In another example from 2009, Floridian construction company PATCO was defrauded of over $450,000 by a Trojan horse attack. While PATCO eventually got back most of the money, it was only after a three-year legal ordeal that included taking their bank to court. It took stamina and a bit of legal luck to get there – and not every small business can count on benefiting from either.
Avoid these mistakes when creating your cybersecurity strategy
So, what can you do to protect your company from cybersecurity threats?
For starters, it’s vital not to repeat some of the most common mistakes made by SMBs that are new to cybersecurity.
1. Late response
A shocking proportion of businesses simply ignore cyber threats, hoping that “it won’t happen to them.” But the first rule of cybersecurity is to prepare for the worst. Assume that your company will be targeted and that the costs could be enormous.
2. Failing to invest in human resources
For SMBs, staff are one of the key security weak points. For instance, your team might choose to work using an unsecured public Wi-Fi hotspot, where hackers can harvest sensitive corporate data. Or their password practices could be extremely weak. That’s why all businesses should fund high-quality security training for every employee.
3. Executive laziness
Sometimes, it’s tempting to simply employ an IT contractor to secure your networks, install the right software, and bring staff up to speed. But that’s a huge risk. Instead of relying on contractors, it’s better to have rock-solid security protocols and plans in place, and for company managers to be as well informed as possible about how security systems operate. The contractor might lay the cybersecurity fundamentals, but it’s up to the management to make sure that everything doesn’t collapse once the company is on its own.
4. Out-of-date software and hardware
When you take a look at the annual budget, updating VPNs, virus checkers, operating systems, and hardware isn’t always the main priority, especially if all is going well. But threats can emerge out of nowhere, and out-of-date systems are the primary targets. What seems to be secure can become dangerously vulnerable overnight. Therefore, you need to be proactive and ready to invest in software and hardware updates.
5. Not asking for help
In some small business cyber-attack cases, the first attack isn’t as damaging as the response. Targeted companies tend to look internally for solutions, instead of admitting the mistake or bringing in external expertise. Don’t be that company. Openness, flexibility, and agility are essential when dealing with cyber threats. Most of the time, you won’t have all the answers, so don’t start by thinking that you do.
How to secure your data and protect your company from cyberthreats
So far, we’ve been a bit negative, but there’s plenty that SMBs can do to secure their data:
1. Create solid disaster recovery policies
The way companies respond to threats is as important as the protection against them. This is where disaster recovery comes into play. All businesses should have a disaster recovery plan, even though many of them don’t.
SMB disaster recovery stats show that 25% of companies don’t have continuity plans. When attacks occur, a stunning 93% of those companies file for bankruptcy within a year, so having a plan is more than merely correlated with staying afloat after taking a hard hit to the hull.
To avoid such a fate, have secure backup systems ready, with encrypted cloud or third-party storage. Make plans to bring in external experts to quarantine your systems and have communication strategies in place to handle customer relations. And don’t panic. With a plan in your possession, you’ll know what to do.
2. Invest in VPNs and antivirus software
Before the worst happens, invest in the best protective measures. For SMBs, this means implementing reputable antivirus solutions across your local network and ensuring that remote workers use the same tools.
Switching to secure email services, which include anti-phishing and malware scanners, as well as email encryption for sensitive documents, is another rule of thumb.
Most importantly, protect the interface between your devices and the wider internet with a company-wide Virtual Private Network (VPN). These tools encrypt online traffic and mask your staff’s IP addresses, making them much less vulnerable to cyber-attacks. If anyone works remotely, using a VPN is of utmost importance, and many providers cater to small businesses.
3. Involve your whole team
Finally, try to create a cybersecurity culture among your staff members. This includes everyone, from trainees to the CEO. Bring in external security trainers to talk about password security, social media, communications protocols, and remote working. And try to train staff to maintain high standards at all times.
This flows from the top, by the way. Plenty of CEOs have fallen victim to “whaling” (the elite version of phishing), so don’t slack off. Everyone needs to be security-aware.
By following our advice, you can avoid becoming another failure in the SMB disaster recovery statistics. Nothing is automatic. Data protection takes hard work and planning. But it’s easy enough when you and your team take it seriously. And with dire consequences for failure, is slacking off even an option?