Small businesses face cybersecurity threats

What do you think of when you hear the phrase “cyber-attack”? Maybe you picture a team of sophisticated hackers stealing billions of dollars from a multinational bank. But small businesses aren’t immune to cybersecurity threats.

According to specialist insurer Hiscox, 23% of small businesses suffered at least one cyberattack in 2020, at an average cost of $25,000. Unfortunately, SCORE mentors see this with their clients too.

Let’s take a look at some of the biggest cybersecurity threats and what you can do about them.

There’s been a 300% increase in cyberattacks since the dawn of the pandemic. Between February and March 2020, the volume of phishing emails, designed to capture sensitive information, often by convincing recipients to download malicious attachments, surged by more than 67%.

What can you do about it? Because remote working is still relatively new to a lot of us, many of us don’t have the skills or experience to protect ourselves, employees or employers.

The solution is education. Hold training sessions to help employees identify common threats and explain cybersecurity best practices, such as avoiding suspicious-looking links and files, and locking computers when they’re away from their desks.

With long virtual meetings, even longer hours and minimal separation between work and social time, the pandemic has been tough on remote workers. It’s no surprise that two-thirds of employees report “sometimes” or “often” feeling tired or having little energy while working from home.

Tired employees are more susceptible to making errors, doing substandard work or making bad decisions.

The solution here might seem counterintuitive: force your employees to do less work.

Insist they take all of their allocated breaks and use all their annual leave. As a manager, play your part in stigmatizing the culture of unpaid overtime by never sending emails outside of working hours.

It’s not hard to see why cloud providers have become so popular. The ability to open files and access information on any device, from any location, rather than storing them on a single, physical hard drive or server, is useful for employees.

Unsurprisingly, 84% of organizations using the cloud say they do so to store data or backups.

While storing documents in the cloud is convenient, it also increases your vulnerability to cybercrime by giving hackers more potential attack points.

Wherever possible, make sure work is being carried out on corporate rather than personal devices, and that those devices are equipped with security measures like two-factor authentication.

Humans are often the biggest cyber threat facing your business.

According to a CIO Insight survey, one in five organizations have experienced data breaches by former employees.

In an ideal world, people would never leave your organization on bad terms or have a desire to leak sensitive information.

But in reality, there are always people who leave under a storm and business owners need to make sure those employees can’t cause any damage. Scrutinize all accounts that have access to internal tools and systems, and terminate that are connected to former employees.

Passwords have been the cornerstone of cybersecurity efforts for decades. Yet research shows many organizations still aren’t using them effectively. In fact:

• 35% don’t require a minimum password length.
• 32% don't require special characters.
• 29% don't require numbers.
• 28% don’t require a combination of upper and lowercase letters.
• One in five businesses rotate passwords less than twice per year.

These organizations leave themselves vulnerable to hackers cracking their passwords. This issue is further exacerbated when the same passwords are replicated across multiple accounts.

This one is easy issue to solve: just implement all those basic best practices into company IT policy. By forcing users to take steps like regularly changing their passwords and using special characters, the risk of attack is reduced.

Dean Swanson is a volunteer Certified SCORE Mentor and former SCORE chapter chairman, district director and regional vice president for the North West Region.