When it comes to cyberattacks, there’s a popular notion that large organizations are the only ones vulnerable. This is due to the belief that they have more data that is worthwhile to hackers. This isn’t exactly accurate, however.
In fact, identity intelligence firm 4iQ found that cybercriminals are targeting more small businesses, resulting in a significant increase in breaches from 2017. Verizon’s 2019 Data Breach Investigation Report (DBIR) affirms this, as the company found that 43% of security breaches involved small firms.
So why are cybercriminals attacking small- to medium-sized businesses (SMBs)? Let’s take a closer look:
#1. Negligence towards cybersecurity
One significant reason why SMBs are increasingly becoming cyberattack victims is because they don’t see themselves as potential targets for hackers. Small companies believe that they have nothing valuable to attackers, so they don’t invest in proper network security solutions. So even though SMBs have a small amount of data on their servers, their infrastructure is easier to infiltrate than those of large organizations, which invest in robust security software.
As a result, when small companies experience security breaches, they find it difficult to recover. According to the US National Cyber Security Alliance, 60% of companies will have shut down within six months of the incident.
SMBs have to remember that they are just as vulnerable as larger enterprises when it comes to cyberattacks. This means that they also have to invest in proper security solutions to protect their confidential data from theft. Our INFINIT Shield technology offers end-to-end managed security services that provide the best possible protection for your business network and data.
#2. Weak password policies
Many users still aren’t using secure passwords to protect their accounts. Instead of coming up with complex passwords, many resort to “123456,” “qwerty,” “iloveyou,” and the like. As a result, 80% of hacking-related breaches still involve using compromised and weak credentials, according to a recent study.
Many online services require users to create better passwords that use special characters and numbers, but this only makes passwords harder to remember. To combat this problem, the National Institute of Standards and Technology (NIST) has recommended a revised policy that businesses can implement in their IT systems:
- Use passphrases. These are composed of a sentence or a combination of words, such as “My05VinylisColorful,” or “windowsNoodleseffectSqaure1479”. A long password containing dictionary words and mixed upper- and lowercase letters is easier to remember and exponentially harder for cybercriminals to guess.
- Reset passwords only after breaches. A common security policy among businesses today is to change passwords monthly to keep accounts safe. This isn’t recommended anymore, as frequent password changes can only lead to password overload.
Instead, companies are advised to require password resets only after a data breach. For instance, if a hacker successfully infiltrates your system, have employees come up with entirely new passwords to prevent any more data theft.
- Implement multifactor authentication (MFA). MFA uses more than one verification method, such as a one-time smartphone code, fingerprint, or facial recognition, to verify a user’s identity. Even if a hacker acquires an employee’s login credentials, they won’t be able to steal confidential files.
#3. Lack of proper cybersecurity training
Cybersecurity is a rapidly evolving environment, and criminals are always devising new ways to steal data from businesses. You may have done cybersecurity training sessions in the past year to teach employees how to keep their data safe, but many make the grave mistake of not updating protocols or not following it up with exercises.
Err on the side of caution when it comes to the security of your data. Take the time to revisit your old training materials and update them as needed. Here are some topic ideas for future training sessions:
- Safe computer habits. This involves refraining from installing programs or downloading files from unknown sources, and not opening suspicious-looking emails or URLs.
- Social networking. Implement an effective social networking training program that limits the use of Facebook, Twitter, and other social media services, whether on their desktop or mobile device. Your program should also guide employees on what to do during phishing attacks.
- Removable devices. Flash drives and external hard drives can easily be infected with viruses, ransomware, and other types of malware, and plugging them into your PCs can pose a threat to your data’s safety. Educate your staff not to plug removable media in their computers, and disable this function accordingly as a preventive security measure.
- Physical security controls. Train your employees to be wary when letting unknown people inside the office. These visitors could be looking for ways to steal confidential information like connecting to your Wi-Fi network, copying handwritten login credentials on desks, or accessing unattended computers. Make employees aware of their surroundings and the people around them.
#4. A lack of a proper bring your own device (BYOD) policy
Mobile devices such as smartphones, laptops, and tablets are increasingly being used by employees to get work done. They don’t just provide convenience and familiarity, these gadgets make it easier for users to work from any location where an internet connection is available.
However, this portability advantage can be dangerous for your business if the devices are used without regulation and supervision. For instance, if a user connects to the internet via an unsecured Wi-Fi network, cybercriminals can intercept the connection to steal company files.
To combat this problem, you can use Microsoft Intune to come up with an effective BYOD policy. With its built-in mobile management feature, employees can use their personal devices for work without worrying about security breaches. Intune makes it easy to secure files through a corporate app, eliminating interference with other programs.
#5. SMBs are pathways to larger enterprises
Cybercriminals are aware of the poor security habits of SMBs, so they’re exploiting this negligence to hack into the systems of enterprises. Corporations typically partner with smaller companies like vendors or contractors whom they provide network access to. And when hackers successfully gain access into the IT systems of SMBs, they can easily infiltrate larger companies.
Invest in security software like firewalls and virtual private networks (VPNs) to prevent any unauthorized connections from accessing your networks. Discuss the importance of data safety with your employees as well, as they can actually be the cause of data breaches in the future.
It’s time to take control of your IT infrastructure. If you want the best cybersecurity solution for your business, then look no further than INFINIT Shield. This innovative threat protection solution uses AI technology that significantly minimizes the risks of cyberthreats for your systems. Get your FREE security assessment today so we can design the best cybersecurity strategy for your business needs.