More than half of small and midsize businesses in the U.S. have suffered a cyber attack in the past year—but despite this frightening reality, very few businesses are making IT security a priority this year. That's a big mistake, because small business owners are at a greater risk than they may think for data security problems and cybercrime.
Your businesses at risk
Businesses are starting to wake up to the risk of cybercrime. In a 2016 survey by the Ponemon Institute, more than half of businesses surveyed believe cyber attacks are becoming more targeted, more sophisticated, and more costly.
Cyber attacks are also targeting small businesses to a greater degree than in the past. Some 55% of respondents in the Ponemon study experienced a cyber attack in the past 12 months, and 50% had a data breach in the past year.
Cyber attacks are costly and disruptive. Companies in the study that suffered an attack spent an average of $879,582 due to damage or theft of IT assets. What's more, disruption to normal operations cost the affected businesses an average of $955,429.
However, small business owners remain inadequately prepared to defend against cyber attacks. According to Ponemon:
- Just one-third of respondents say the technologies they currently use adequately detect and block most cyber attacks.
- Nearly six in 10 say attacks have gotten past intrusion detection systems.
- 76% say attacks have gotten past their anti-virus solutions.
What are the most common risks?
Here are some of the most common weaknesses that make businesses vulnerable to cyber attacks—and how to get serious about defending yourself.
Cloud-based applications and data storage: Cloud usage is on the rise and expected to grow, which creates more opportunity for cybercriminals. Web-based attacks are the most common type of cybercrime, according to Ponemon, and 41% of respondents have suffered a data breach due to errors by third parties (such as contractors) that have access to cloud applications.
- Solution: Limit access to your cloud-based apps only to those who need it. Choose laptops with built-in encryption of storage drives for extra protection.
Phishing and social engineering: Humans remain a weak link in cybersecurity, which makes phishing and social engineering popular approaches for cybercriminals. Ponemon found 65% of small and midsized businesses that have a password policy do not strictly enforce it.
- Solution: Develop and enforce a cybersecurity policy that includes regular training and requires passwords be changed every six months at minimum. Guard against human error by buying PCs with strong multi-factor authentication mechanisms that combine factors such as PINs and fingerprints or passwords and facial recognition. For extra protection, add a mobile app such as HP WorkWise1 that lets employees monitor and lock their computers with their smartphones.
Mobile devices: Laptops, tablets, and smartphones used to access business-critical applications and networks create opportunity for cybercriminals. However, many businesses allow employees to use their own personal mobile devices for work.
- Solution: Provide employees with company-issued mobile devices so you can set up device management solutions. Require employees to use a password or biometric authentication to secure their mobile devices.
Networked peripherals: When printers, scanners, copiers, and fax machines are connected to your business network, they can provide easy entry points for cybercriminals.
- Solution: Choose printers with built-in security features that can detect and stop threats the moment they start. Establish and implement a security policy for printer use and restrict access to printers only to those who need them.
Remote work: Employees working in public settings or during business travel are at risk of having their notebooks or mobile devices stolen or compromised. Prying eyes may spy passwords or critical business data on a laptop screen.
- Solution: Prevent data theft and loss by choosing notebooks with a full stack of endpoint security features, including an integrated privacy screen that darkens to prevent visual hacking.
Business owners must take cybersecurity seriously. Developing smart policies and employing the proper technology can help you protect your small business from these very real risks