• Mohammed Yusuf

What SMB Owners Should Know About Data Security

It is easy to believe having a small to medium-size business alleviates the need to worry about cybersecurity or that cybercriminals will pass over attacking your company. You may think you have “not much to steal,” as that is a common mindset amongst small business owners. However, that is completely incorrect. This article addresses the “need to know” for SMB customers about Data Security and what to look for in an MSP in what they offer around Data Security protection.

Types of Attacks

It is important to understand the types of trends that exist within SMB cyber-attacks and data breaches. Most companies remain unaware of the different types of attacks experienced by businesses. Below are the different types of attacks organizations have stated they experienced over the past year.

Based on the above chart it is evident that phishing emails/social engineering are leading the way as the most significant forms of cyber-attacks. Phishing emails are an attempt to obtain sensitive information by disguising themselves as a trustworthy entity in electronic communication. 79% of ransomware attacks are coordinated through phishing email sent to laptop devices. 37% of mobile devices were used as a method to attack SMB customers.

How much Money is Lost

Recent Studies by the U.S Congressional Small Business Committee found that cyber-attacks have happened in 71% of business with less than 100 employees. A study of 600 SMB’s conducted in 2017 showed that in just 12 months, the number of cyber attacks on SMB’s had increased by 6% and data breaches were up by 4%. Cyberattacks are costlier. The average cost due to damage or theft of IT assets and infrastructure increased from $879,582 to $1,027,053 from 2016 to 2017. In conjunction, the average cost of disruption to normal operations increased from $955,429 to $1,207,965. What does this mean? The risks associated with data security are becoming more prominent within the SMB world, and data security education is no longer a nice to have, but a must-have.

Challenges that prevent fully effective IT Security

SMB’s are often faced with different challenges that prevent them from effectively managing their security. Some of the more common reasons organizations are not fully prepared for cybersecurity attacks are:

  1. Insufficient personnel – Cybersecurity experts are becoming scarce, according to the ISACA (Information System Audit and Control Association), where about 1 Million security jobs worldwide are still unfilled.

  2. Insufficient budget – The cost of security personnel has steadily increased over the past few years and has been one of the main the main reasons organizations in the SMB space have refused to hire. 69% of SMB’s state that they do not have the budget for security, so they are willing to put themselves (or overlook the) risk of a cyber attack

  3. Lack education of education on cyber attacks – Users within the SMB spaces lack education in security and this has become more than 50% of the reasons for data breaches; due to careless actions. Simply put, it's not always malicious thieves…. its operator error!

How to avoid being a victim

  1. Use a firewall – The first line of defense in a cyberattack is a firewall. A firewall can provide a barrier between your data and cybercriminals. The installation of a firewall for remote workers is a necessity to continue to ensure protection.

  2. Document your cybersecurity policies – Small businesses often operate by word of mouth, but yet cybersecurity is one area where it is essential to document your protocols. The Federal Communication Commission (FCC) Cyberplanner 2.0 (here to access) provides a starting point for your security document.

  3. Plan for mobile devices – Studies show that 59% of businesses currently allow BYOD (Bring Your Own Device). It is imperative that companies have a documented BYOD policy that focuses on security precautions. SMB’s should require employees to set up automatic security updates and require company password policies to apply to all mobile devices accessing the network.

  4. Educate all employees – The education your employees is critical to success in the fight against cyber attacks. Educating should include VPNs, strong passwords, spam and phishing attacks. Since the policies are evolving as cybercriminals become savvier, it is essential to have regular updates on new protocols within your environment. It is imperative to hold employees accountable and create a document for signature from the employee stating that they understand all security policies and procedures.

  5. Regularly backup all data – Though preventing as many attacks as possible is the goal, it is impossible to prevent all cybersecurity breaches and attacks. A full backup of your documents, databases, financial files, and HR files is a good practice to implement. This give you the opportunity to recover your data and/or IT environment from a specific point in time.

  6. Use Multifactor identification - Regardless of your preparation, employees are susceptible to security mistakes, which can compromise your data. The use of a multi-factor identification setting on your networking and email services provides an extra layer of protection.

Security continues to be a moving target, of which cybercriminals get more advanced and bolder each day. To protect your data, it is essential that each employee make cybersafety a top priority. Your small size does not protect you from hackers. You. Are. A. Target.

Mohammed Yusuf