With the on-going pandemic, 89% of small businesses are now working from home according to a survey conducted by the Cyber Readiness Institute.
In that same survey, a new finding emerged that small businesses with fewer than 10 employees tend to focus less on cyber security.
With 43% of the overall cyberattacks target small businesses, cybersecurity has become an important factor during COVID-19 pandemic.
It is evident from these stats that small businesses will remain a primary target in coming months but the need for employee education on phishing and common attacks.
Why Small Businesses Are Not Ready for Cyber Attacks?
When compared with large companies, smaller businesses do not have deeper pockets and can’t make bigger investment in Information Security department.
Small businesses put an average of 9.8% on their IT budgets toward cybersecurity. With a smaller budget, they do not get the best expertise, plans, and technology to begin with.
The pandemic has also played its role in leading small businesses to focus less on cybersecurity as well.
With the decline in sales and lack of customer attraction, many small businesses have been shut down because they couldn’t bear any additional cost let alone the cost of cybersecurity and online protection.
Even the ones that did had cybersecurity protection are now cutting cost for survival of their businesses.
In these tough times when there is more of a need for online protection, small businesses are becoming more appealing targets to hackers.
How Many Cyber Attacks Happen Against Small Businesses?
According to Cybint Solutions, 43% of cyberattacks happen against small businesses. However, Verizon has that number going up to 60%.
We could never know the actual numbers because many small businesses do not even report an attack. These attacks are either caused by outside hackers or someone that are called international bad actors.
Many attacks come within the organization as well. This may include disgruntled employees or negligent staff.
Not all cybersecurity attacks are the result of a malicious attacks, but they are also the result of a human error. It might seem less threatening, but as a matter of they also bring consequences of any data breach.
How Does Data Breach Impact Small Businesses?
On average, small businesses could lose $320,000 according to IBM. Loosing this kind of money from a small business is enough to make it bankrupt and result in job losses.
The same happened with Efficient Services Escrow Group where they were late to discover the data breach but the hackers had already infiltrated the system using a Trojan Horse.
The hackers wire transferred an amount close to $1.5 Million in two separate accounts in China and Russia. All employees lost their jobs.
The company was able to retrieve the amount that was sent to Russian account, but it was never able to retrieve the money that was sent to China.
Rokenbok was another company that happened to educate children how to think like engineer. The company was initially hit by a Denial of Service Attack and then later experienced a Ransomware attack.
But despite paying the ransom, the company built another system from scratch that had cost thousands of dollars in the process. At the time, only 7 employees were working for Rokenbok. It learned a new lesson that day on website security and is still in the business.
Not many small businesses have the will power as strong as Rokenbok, but they don’t have a strong cybersecurity infrastructure as well.
What Small Businesses Can Do to Prevent Hacking?
If small businesses do not have a big budget for online security, the least they could do is to provide their employees a safe network to share files and their data.
Having a good VPN service is a good yet affordable alternate to spending millions on information security.
Most VPNs that offer an encryption of 256-bit AES can prevent any cyberattack because it would hide your original IP address.
Every hacking begins with an IP address. If your IP address is easily known by these hackers, then its probably a matter of time until they pay a visit to your system.
But here’s a catch, your system should always be protected with a VPN. Asking all of your employees to use a VPN at all times in all of their devices is difficult to manage, but isn’t impossible.
Another solution is to offer cybersecurity education to all employees. Every employee must know how the scam works, how hackers tend to attack the network, and similar stuff.
Scam emails i.e. phishing are the easiest source of a malware. These emails are often made to appear that they were sent by individuals or organizations you think you know.
They trick individuals by hacking their system and get valuable information.
Updating software is another way to keep hackers at bay. Turning ON updates from Microsoft Windows/MacOS, anti-virus software, and other security software will keep it secure.
These updates are required whenever these software companies find loophole which needs to be fixed in the latest version.
Last but not the least, always create a backup for your important data. It is better to keep a copy in a USB or on another system, or even on cloud storage. Better backup than sorry when you lose data.
Shahmeer Baloch is a Marketing Professional-turned Tech Writer who is also a Privacy Advocate and a VPN Expert. He doesn’t hold back identifying the flaws in Privacy Laws and makes it easier for everyone to understand Cyber Security issues that are underlying after the post-COVID-19 world.