Poor cybersecurity is hurting small businesses


Life among America’s nearly 32 million small businesses has never been easy. According to the Small Business Administration, about 20% of small business startups fail in their first year and a half, subject to failure within five years. Larger businesses have always had more capital, better access to credit and more staying power.

In recent times, survival has become even more difficult for two reasons – one relatively obvious and the other less so. Strong demand amid short supply and high inflation is the economic backdrop today, and big businesses have largely held their own because of their weight, sophistication and strong vendor connections. It’s been a tougher road for many small and medium-sized businesses, however, reflecting less supply chain purchasing power and less ability to raise wages amid a tight labor market.

This was largely predictable given the times, but the second pain point of small business today – increased cyber security issues – was not.

Because many SMBs have not taken cybersecurity seriously, they are being breached significantly more. Small businesses have accelerated the adoption of new digital technologies for remote work, manufacturing and sales, just as large companies have. But they haven’t pursued significant cybersecurity spending, even as their expanding computer networks have created new vulnerabilities for phishing and ransomware attacks.

As a result, the risk of a cyber attack for SMBs – already typically higher than the risk for large companies – has increased dramatically over the past two years. During 2020 and 2021, data breaches at small businesses globally increased by 152% compared to the previous two years, according to RiskRecon, a MasterCard unit that assesses companies’ cybersecurity risk. This figure is twice that of the largest companies in the same period.

Additionally, a 2021 study by IBM found that 52% of small businesses had experienced a cyber attack in the past year – a figure that is likely higher now that there are even more cyber attacks. Meanwhile, a recent study by UpCity, a Chicago-based business services provider, found that only 50% of US small businesses have a cybersecurity plan for 2022. While a small improvement from the past, this will says that 50% do not have a plan – an important issue.

Given today’s difficult circumstances, it’s no surprise that small businesses are more focused on day-to-day survival. However, long-term survival is probably unattainable without a respectable cybersecurity program. After all, almost everything has gone digital. All sensitive personal files are stored on a computer today and bank and credit card accounts are accessed online, as is the financial information of companies large and small. It’s also important to remember that cybercriminals exist inside as well as outside the walls of companies.

All of this requires cyber protection, including trained cyber security personnel and some sort of data recovery and business continuity plan. Unfortunately, however, many small business owners still believe they are too small to worry about cybercriminals and don’t have enough data to warrant a breach.

One important reality they don’t realize is that cyberattacks on large companies are more likely to catch the eye of federal law enforcement—something no criminal wants. It’s also true that malicious actors know that the world’s largest companies take cybersecurity very seriously. So they’ve increasingly found that instead of fighting an uphill battle, it’s better to target the smaller businesses that are part of their supply chains, knowing that their defenses are usually much stronger. weak.

Another common misconception among small business owners is the financial reality of a cyber breach. Many still think it’s mostly about paying out immediate damages and making repairs – much like other damaging disasters. In fact, much more than that falls on the general ledger, including ransomware payments, lost productivity, increased wage hours, investigations, regulatory filings, and frequent legal expenses.

There is also the negative impact of bad publicity, in many cases the worst blow of all. Eighty percent of consumers will leave a business if their information is compromised in a breach, according to the International Data Corporation.

Small businesses need to find ways to fund cyber security more generously and seriously plan and create security procedures. They must also adopt ways to better protect data and related equipment from cyberattacks, which like security procedures, are primarily about strategy, not finance.

In this regard, here are some tips:

Make safety part of your company culture. Studies have found that the human factor was involved in more than 85% of breaches, whether it involved falling for a phishing attack or using easily-crackable passwords. These can be mitigated through enhanced awareness programs that don’t stop with a playbook of potential attacks. They also embed security into the organizational fabric, constantly reminding employees of their responsibility to keep the organization secure.

Install anti-malware software and keep it up to date. It would be better to have software that protects devices from viruses, spyware, ransomware and phishing scams. Make sure it is updated regularly.

Require the use of strong passwords and two-factor authentication. The easiest way to access a business network is to guess passwords. Most people use a single password for multiple sites and accounts. All employees must have unique passwords for each of their accounts. Password managers are the best method to achieve this goal.

Back up your data regularly. It is better to have multiple backups of company data. That way, if you fall victim to various cyber attacks, you’re not completely out in the cold.

Restrict employee access. It makes sense to segment employees and limit them to only the systems and data they need to access. If strict access controls are maintained, you will limit the damage that any single user can do to your network security.

At the very least, these and other similar steps can help mitigate cyber stress across the business. According to a recent CNBC/SurveyMonkey Small Business Study, which regularly surveys more than 2,000 small business owners every quarter to monitor their view of the business environment, nearly four in 10 small business owners are worried about a cyber attack within the next 12 months. Mitigating some of this concern is almost as valuable as stopping an attack itself.


Robert Ackerman JrAbout the Author: Robert Ackerman Jr. is the founder and managing director of AllegisCyber ​​Capital, a Silicon Valley-based cybersecurity venture capital firm. He is also co-founder and board director of DataTribe, a Fulton, Md.-based seed and early-stage fund that invests in cybersecurity and data science startups.

Bob has been recognized as a Fortune 100 cybersecurity executive and also as one of Cybersecurity’s “Money People.” Previously, as an entrepreneur, Bob was president and CEO of UniSoft Systems, a leading UNIX systems house, and founder and chairman of InfoGear Technology Corp, a pioneer in the original integration of Internet and telephony technology.

Editor’s note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire, Inc.



Source link

Related posts

Next Post

Leave a Reply

Your email address will not be published.

13 + seven =

RECOMMENDED NEWS

FOLLOW US

BROWSE BY CATEGORIES

Welcome Back!

Login to your account below

Retrieve your password

Please enter your username or email address to reset your password.