Unfortunately, for small business owners, the thought that they are too small to be a target is simply inaccurate.
According to the US House Committee on Small Business, 71% of cyber attacks target businesses with fewer than 100 employees.
~ US House Committee on Small Business 2015
The average total cost of a cyber-security breach is $36,000 for a small business.
~ Better Business Bureau 2015
60% of small businesses that are hacked go out of business within six months due to the loss of reputation, financial repercussions, and the inability to recover from downtime.
~ National Cyber Security Alliance
Cyber criminals took an average $32,000 from small-business accounts.
~ National Small Business Association 2015
Ransomware saw a 165% rise in 2015 netting cyber-criminals a whopping $325 million in ransom.
~ McAfee Labs Threats Report & Cyber Threat Alliance 2015
The Federal Trade Commission now has the power to punish organizations that fail to invest in and deliver robust cyber-security measures.
~ Third U.S. Circuit Court of Appeals 2015
There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.
~ John Chambers, CEO of Cisco
Businesses today are going to have to rely on their own resources if they want to protect themselves from cyber attacks. This is because law enforcement is limited due to both a lack of trained staff as well as the inability to prosecute criminals both in and outside of our borders.
So what are small businesses who can’t afford a trained cyber security staff supposed to do? The keys are education, and effective multiple layers of defense.
More than 40% of cyber attacks are successful because they begin with your employees. They take advantage of natural human curiosity, and the general desire of most employees to be helpful. A simple click on a link in a suspicious email, holding the door for a stranger to enter a secure area, or giving a login and password to someone pretending to work for the IT department can lead to devastating results to a small business’ data and computer systems.
Therefore, it’s imperative that you make the effort to increase your employees’ awareness of the very serious and growing trend of hackers targeting small businesses. Make sure they are educated about the dangers of social engineering attacks. And in situations where they are concerned about the legitimacy of an authority figure wanting access to a computer or secure area, make sure they are given the freedom to say “No” without fear of repercussion, and have the policies in place to support that.
From a technical standpoint, most small businesses have only a limited budget that they can devote to protecting their computer systems and data. The key, again, is defense in depth – systems and procedures that provide multiple obstacles for cyber criminals to have to traverse to get to your data. To do this:
- Make sure you ALWAYS keep your software and operating systems up-to-date. It’s annoying to have to wait, to reboot, and deal with changes. But be assured, if a software company sends out an update on Tuesday, you can be sure that Tuesday night cyber criminals are researching the weaknesses those updates are correcting and are attacking on Wednesday. They know many people put off an update because it’s inconvenient. So, like a lion picking off the stragglers in a herd, they search for computers that have not yet been updated. Hackers like to take advantage of inconvenience.
- Use a high quality anti-virus software program that is regularly updated. In “the old days” hacking was something bored kids used to do after school for fun. Today, it’s BIG business and new viruses and malware are constantly being created to get your data. An anti-virus product that hasn’t been updated for months is nearly as useless as not having one at all. A relatively small investment in this kind of protection will pay off in unknown ways.
- Keep your systems and data backed up regularly. With the proliferation of ransomware, cyber criminals have found a very lucrative way of making money by encrypting your data and holding it “hostage” until you pay them to unlock it. Even the FBI is advising that you just pay the ransom as the time and money to unlock it is outrageous. Unless you have a technical solution to prevent this from happening in the first place, your only other option is to restore your system from a healthy back-up (one that doesn’t also have ransomware in it). Without it, you are what you’d be if you were attached to another object by an inclined plane, wrapped helically around an axis (look it up).
- Find a provider of a managed next generation firewall solution for your business. A Managed Firewall is a firewall that is monitored, managed, and kept up-to-date by cyber-security experts outside of your company. And a Next Generation Firewall will provide necessary multiple layers of defense to your entire computer network, not just the computer sitting on your desk.
Managed next generation firewalls offer several benefits to small business owners, such as:
- Reduced resources and expenses
- Compliance to various security regulations such as HIPAA and PCI DSS
- No licensing costs
- Understandable reporting
One such provider of a managed next generation firewall is Axiom Cyber Solutions. At Axiom Cyber Solutions, we strive to make managed cyber-security affordable to small businesses that may not have a large IT budget. Starting at just $199 per month, with no long term obligation, Axiom Cyber Solutions provides a fully configured enterprise class next generation firewall to secure your business against today’s threats and those of tomorrow. If you would like to know more, contact us at firstname.lastname@example.org or call me at 1-800-519-5070.