As a business owner, you are already aware that your company might be vulnerable to attacks by hackers. Your concern is justified because 65% of cyber-attacks are aimed at small businesses. There is a good chance a hacker is using sophisticated software to try and hack your network right now.
Even if hackers haven’t found a way into your system yet, you can be sure that they are trying to find a way to:
- send emails from your email servers that destroy your company’s reputation (spam, porn, confidential customer information, etc.)
- gain access to your accounting and banking systems
- or steal your data and hold it hostage (ransomware) until you pay them an exorbitant amount of money to get your data back.
Did you know that it takes an average of six months for businesses to realize that they have been, or are being, hacked?
After the hack is discovered, it can weeks 6 – 8 weeks disable and remove all the threads of the attack. The attack is removed, but the damage has been done. How long does it take to restore a damaged reputation, or to be trusted again by a vendor or customer who was affected by your hack?
So, why do hackers target small businesses? Some of the reasons are obvious, and some may surprise you.
Here are 4 reasons why small businesses get hacked:
Under the Radar
Not every hacker wants to be famous. Most don’t care about getting their conquests splashed all over the news.
Hackers attack small businesses because these companies are less likely to report security breaches and more likely to pay the ransom.
Reporting a breach is damaging to the company’s reputation. A company might prefer to deal with the damage or pay the ransom rather than go public. In fact, in one study, 53% of companies paid the ransom immediately. In addition, what many companies find out is that, even if they report the breach to the police, law enforcement agencies are not cybersecurity experts and can’t be of much help.
Every business has to prioritize spending. Initiatives that grow the company’s revenue and profitability are the priority. IT upgrades and advanced cybersecurity services and tools aren’t an immediate need so they don’t make the top of the list.
Unfortunately, the reality is that your old security software is not “good enough” to stand up to today’s sophisticated cyber-attacks. “Good enough” makes you an easy target.
Employees inviting viruses and hackers
This one is shocking. Research from Stanford University found that 88% of ALL data breaches are caused by employees. Here are a few of the most common ways employees invite trouble:
- Weak/reused passwords – Weak and/or reused passwords are asking for trouble. Because of our bad habits, it’s best to require strong passwords that must be changed periodically
- Access control – When we start working with a new client, we frequently find that front line employees actually have access to company financial and payroll information even though they’ve never looked for it. Their access has not been restricted to only what they need.
- Failure to install updates – Installing updates is a pain and occasionally cause problems, so updates are put off indefinitely.
- Email attachments – An employee opens an email attachment that unleashes a virus on the entire network and they don’t even realize it.
- Unlocked doors – Your system may not require new files to be scanned for viruses/malware (i.e. files received in email or on flash drives). It’s like having a flashing neon WELCOME sign.
Small companies don’t have the advanced skills required and training happens rarely, if ever.
You’ve been hacked before
Hackers are like sharks: they can smell blood in the water from miles away. Once the word gets out that you’ve been hacked, and that you’ve paid the ransom, you’ll have hackers lined up around the block. Like a lot of criminals, hackers are looking for the path of least resistance. Once they hear you’re an easy target you’d better prepare yourself for all kinds of cyberattacks.
It takes work to be ready in today’s cyber landscape. The steps include:
- a comprehensive cybersecurity strategy
- staying up to date on the latest hacking practices
- acquiring, maintaining and using the latest cybersecurity tools
- a scheduled data backup system that also verifies the backup up data is not corrupted
- training your employees on what to look out for and what to do
Almost every day there are news stories about companies getting hacked, big companies paying millions in ransom. Companies like Apple, Amazon, Target, and Facebook can afford the best security available, yet they still get hacked.
What you don’t hear about is the small businesses shutting down because they’ve been crippled by a cyber-security breach. A shocking 60% of small businesses that are crippled by a cyberattack will not recover.
Make cybersecurity a priority for your business and you’ll increase your chances of staying off a hacker’s watchlist.
Information technology is a tool. If we can help you navigate your way to a more productive, efficient and safe operations, accounting and/or IT system, then you can focus on growing your business.