If you thought that your size as a small business owner made you less likely to be the target of a cyber attack, think again. If anything, your size may put you at a greater risk of being hacked.
The statistics about cyber attacks against small businesses are startling high, with some showing that about a quarter of all cyber attacks are lodged against small businesses. Just as startling is how these criminals are making their way into these businesses, and it’s not what typically comes to mind, i.e. secure computer systems.
While the stats show that small businesses stand to be attacked the most, and subsequently lose the most, the world doesn’t typically hear about these issues. Take for example the global cyber attacks that have been making headlines over the past few months.
Criminals have upped the ante with their threats by demanding the companies whose systems they take over pay money for them to be released. As insane as that may sound, it is becoming the tool of choice by cyber attackers.
Over the past few months, these types of threats have increased. The main targets have been large companies, but they highlight the need for businesses, regardless of their size, to arm themselves against these threats.
Given these crimes are increasing, and the fact that the target is not limited to a multi-billion dollar, we thought to give you an update.
We’ll call it cyber security 101, and will provide the basics about cyber attacks. We’ll detail why small businesses are being targeted at such alarming rates, and what you can do if you are a small business owner to make sure that a keystroke doesn’t disable, if not destroy, your business.
In this piece, we’ll discuss some of the key things business owners should know about dealing with cyber attacks.
When ransoms hit cyberspace
A new, formidable kind of cyber threat is consuming businesses around the world. Its MO is to infect the computer system, and then demand a ransom to restore it.
The culprits behind the attacks are using a software called ransomware. There are several types of ransomware, but they all work on basically the same premise. They alter your computer systems to keep them from operating normally, and to fix that, the virus “asks” for something.
Targets are not limited to computers. They can also include enterprise networks and servers.
The viruses that have gained attention the most recently are related to ransomware. They gained international attention because of the size and name of the businesses that were targeted.
First came the WannaCry ransomware virus, and it was followed by a variant of the Petya virus. In both cases, the virus initially infected a particular company, or country, and then quickly spread internationally.
As noted by Microsoft, ransomware will demand that you pay money to access your PC or files. The company says it has also seen them demand the infected user complete a survey. It can:
- Prevent you from accessing Windows.
- Encrypt files so you can’t use them.
- Stop certain apps from running (like your web browser).
After exploding in the past couple of years, Microsoft says ransomware encounters seem to be declining. The software giant chalks up the declines to improved blocking of attacks by security software, such as its Windows Defender Antivirus.
Small targets make great targets
The Federal Trade Commission has weighed in on the issue of cyber attacks, and how they affect small businesses. It acknowledges that as larger companies take steps to secure their systems, less secure small businesses are easier targets for cyber criminals.
The numbers show the impact. Consider this. Over the past year, more than 14 million small businesses were the victims of a cyber attack. Statistics also show that within their first six months of opening, many small business owners find themselves to be victims of an attack.
It is estimated that 60% of small businesses go out of business within six months of a cyberattack. Of those who are attacked, almost have of them are maliciously targeted. The rest stem from human error or system failures.
Don’t open that
As a small business owner, you should still think like a big business, especially when it comes to cyber security. Many of these virus infections start by an employee opening an email and clicking on a link.
Despite repeated warnings to not open email from people you do not know, people continue to do it. Whether it be at home or at their workplaces, people still don’t understand the danger in opening emails, even when they are suspicious about the sender.
Some companies are “outing” these workers to make them stop doing it. I recall an employer’s IT department sending an email to all workers in which the sender was email@example.com.
The message included a link to click that would include the tracking number.
A close look at the sender’s email was the first red flag – fedex2.com. If that wasn’t enough to warn to recipient that this was a possible cyber security threat, hovering over the link with the cursor was because it showed an address that did not mention FedEx.
No matter, several employees clicked on the link, and IT sent out a group email that included their names! I’d gander they reviewed the company’s IT policy on the matter.
The model the IT professionals pattered their email attack after called spear phishing. It’s used to target specific entities to gain access to confidential information.
Beware of its tactics, which include:
- techniques to bypass email filters
“The objective of spear phishing and phishing are ultimately the same—to trick a target into opening an attachment or click on a malicious embedded link,” according to Trend Micro.
How to protect yourself
An effort this company made, as well as many others, was to develop a comprehensive cyber security course that employees must complete, pass and sign acknowledging that they understand the policy. As a small business owner, you can do this too, and the cost is minimal, if existent at all.
Start with the FTC, which re-launched Small Biz Cyber Planner 2.0, an online resource to help small businesses create customized cybersecurity plans. This tool can help small business owners create and save a custom cyber security plans. It includes a menu that allows you to choose from a list expert advice to address your specific business needs and concerns.
One of the tips from the FTC is to keep clean machines that run the latest security software, web browser, and operating systems.
If you have antivirus software, don’t just set it, and forget it. Make sure that it runs a scan after each update.
In addition, it’s critical that you immediately download any “patch” updates you receive. These will come from Microsoft, and often prevent you from being a victim of a specific attack.
Speaking of these patches, know that if you are running unlicensed software, such as Windows, you likely won’t receive notices about these patches. To save costs, small business owners may use unlicensed, or even pirated software. However, the money saved from this cost-cutting scheme, may cost you dearly. Think of the ransom you may be asked to pony up if you’re the victim of one of these ransomware attacks.
Lawmakers step in
As you set up policies to secure your systems from cyber attacks, lawmakers are working on legislation that may help. It’s called the Making Available Information Now to Strengthen Trust and Resilience and Enhance Enterprise Technology Cybersecurity Act of 2017 or the MAIN STREET Cybersecurity Act of 2017.
This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST) to consider small businesses when it facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.
This has been a lot to take in. However, as technology is increasingly used to run everything, cyber security will continue to be elevated to the top of the lists for small business owners. Take advantage of advice from the U.S. Small Business Administration. On its website, It not only lists tips, but also a self-paced training exercise.
There’s no such thing as over emphasizing the threat of cyber attacks to any workers you employ.
If nothing else should spur you to stay on top of securing your systems, this should:
More than half of small businesses closed their doors due to cyber attacks on them.
With that, be safe as you and your business navigate cyberspace.
Author: Tedra Williams DeSue
Tedra has been a finance/investment writer for more than 20 years. Her areas of expertise range from dividend growth stocks to municipal and corporate bonds. She also writes about personal finance and small business issues. Her work as a finance writer has been published in The Bond Buyer, Forbes, The Street, Yahoo Finance, Insider Monkey and NBC News.