If you’re like 71% of small business leaders, you may feel vulnerable to a cyber attack. According to a study done by Microsoft, the biggest concerns for small to mid-sized business leaders are phishing schemes, compromised passwords, ransomware, and sensitive information being leaked by an employee. With the way cyber criminals have been working, your concerns are well-placed. Both ransomware and phishing schemes have rapidly grown over the last three years. These attacks haven’t doubled or tripled, in some cases they have grown year over year tenfold. With more attacks hitting small businesses, it is much more likely that an employee could make a slip that compromises sensitive information.
To add to the concern, this same Microsoft survey found that 47% of small businesses don’t encrypt email, 59% are unable to wipe data from lost devices, and 54% do not use any multi-factor authentication. These are the kinds of vulnerabilities cyber criminals are trying to exploit around the clock. Without some of these foundational security measures, it’s hard for a small business to have any peace of mind.
The Barriers
At the heart of this issue are the very real barriers that small businesses face when they look to deploy security technology. Lack of expertise is one barrier. Cyber security threats are always changing and very involved, so it’s a lot to keep up on. For the average business owner, it’s not something they can dedicate time to while keeping up with all of their other responsibilities. Experts on the matter are more expensive than most small businesses can afford, which brings us to our next barrier – cost.
The biggest barrier for small businesses looking to deploy security technology is the cost. The cost of the technology, tool, and training necessary and the cost of a specialist required to implement and maintain the security technology. A small business struggles to find the budget for technology at all, and cyber security is no exception. Cyber criminals know this and use it against small businesses, targeting them more often. Larger businesses with larger budgets for cyber security defenses are 10x less likely to be the target of a cyber attack.
The Risk
The old saying, “you have to spend money to make money,” almost applies to cyber security. In this case, however, it would be more like, “you have to spend money to ensure you don’t lose large sums of money.” A cyber incident can cost a small business thousands of dollars in ransom fees and lost business. So much so that 50% of small businesses close within six months of a significant cyber incident.
What you can do
A small business leader may feel their options are very limited and that there isn’t a great way for them to protect their employees from phishing or ransomware attacks. The best way to get started in defending your employees against cyber criminals is to train your employees. Security training makes your employees aware of the threats out there and helps them to identify any potentially malicious emails. Employees are often the slipping point that lets a cyber criminal in.
Training is a great start, but you need to make sure monitoring and alerting are also part of the package. Your network should be scanned for vulnerabilities and subsequently monitored to make sure no suspicious activity take place. If anything out of the norm happens, you’ll be alerted.
If you want to learn more about training programs for your staff, or the technology tools you need to keep your network secure, contact security@gadellnet.com.