The bigger they come, the harder they fall. That used to be the mantra of your typical cybercriminal. They would target the largest companies believing they could hit the jackpot by stealing millions of customer records in one shot for sale on the dark web. They relied on their victims having the resources to pay huge sums in untraceable cryptocurrency to restore encrypted data and systems after a ransomware attack.
They’re still trying, but today it’s much more difficult. Most large organizations now have robust cybersecurity infrastructure around their IT environments including multi-layered firewalls and sophisticated malware detection systems to protect against external threats. They have the resources to train employees in best practices to recognize suspicious emails and deploy password management systems to impose uniform rules on all users.
That’s not the case with most small businesses, contractors, and freelancers; they don’t have the resources or expertise to implement effective cybersecurity solutions, train staff to identify phishing scams, or enforce a consistent password strategy. So, cybercriminals have lowered their sights. They may not be able to get as big a prize for hooking a small business, but there are many more smaller, vulnerable fish in the sea. They’ll try to make it up in volume.
What, me worry? You should.
Many small businesses think they are too insignificant to be targeted by hackers, that they’ll fly under the radar. The truth is getting attacked is a matter of when, not if. The question is whether or not the attack will be successful. In fact, there has been an explosion in the volume of cyberattacks reported by small businesses precisely because of their size and assumed low level of cyber defense readiness.
Here are several reasons why you should worry about your small business becoming a victim of cybercrime:
- Small businesses are three times more likely to be attacked by cybercriminals than large businesses [1]. Employees at small businesses have been found to be less technically savvy and more prone to phishing scams.
- 58% of malware attack victims are small businesses. Hackers are pivoting to the point of least resistance, targeting companies with little or no cyber defenses. If the attackers are caught, small businesses are less likely to prosecute.
- 80% of breaches are related to weak passwords, or reusing the same password or credential across multiple gated services [3]. Most people choose passwords that are simple to remember. That makes them simple to break.
- 60% of small businesses that experience a breach cease operations within 6 months. It is much more difficult for a small business to recover after losing a customer database, for example, or they may not have backup financial resources to survive a hacked bank account.
- 25% of small business owners that experienced an attack and survived lost business. No one makes it out unscathed. Cyberattack victims lose revenue due to extended downtime, loss of customer trust, lost data, and the cost of restoring systems and/or replacing hardware.
- Many small businesses do not have a true IT department. In fact, 47% of small businesses with fewer than 50 employees have no cybersecurity budget. Instead, they rely on internal personnel to manage cybersecurity. This often results in hidden gaps and weaknesses in the business’ security posture that are easily exploited.
- The quality and sophistication of illegitimate emails and text messages are increasing. It is getting harder and harder to tell genuine from falsified communications. The availability of employees’ personal data on social media makes it easier to research and impersonate a trusted sender.
- Supply chain corruption. Large businesses depend on small businesses, lots of them. If one supplier gets hacked, the threat can quickly spread to other networked partners. How many other businesses are connected to yours via an enterprise supply chain or ERP system? Can you trust these entities to have malware protection?
- The pandemic fueled cybercrime. The rapid increase in remote work outpaced the ability of most businesses to build secure wide-area networks. This gave criminals more opportunities to exploit unsecured network connections through home-based workers to steal data and credentials.
- Criminals are always a step ahead. Victims don’t always know what to look for until it’s too late. Malware detectors may not recognize new threats. Techniques like “dictionary attacks” can recover weak passwords even when they are stored as hashes.
Minimize Your Exposure to Cybersecurity Threats
All these and more are compelling reasons to get out in front of cyberthreats, and your first line of defense should be a strong password strategy backed by a robust password management solution.
Even for small businesses, creating a strong security culture doesn’t have to get expensive. Start by educating employees on best practices: how to identify suspicious messages, how to respond, and whom to notify when one crosses their desk. Implement a password management solution like Passpack with a password generator to create, store, and securely share unique, unbreakable passwords among trusted team members. Add further layers of security with two-factor authentication, limit the number of login attempts before lockout, and safely store vital company financial data, PINs, and account numbers in a centralized encrypted digital vault. Passpack is an all-encompassing password management solution that does all this and more to minimize your exposure to cyberthreats for just pennies per day.
At Passpack, our mission is to provide an unmatched combination of password security and value. Visit us at passpack.com and try our service risk-free for 14 days. You have nothing to lose but your password management headaches.
Sources & Acknowledgements:
- BBC News, 11/2022
- PropertyCasualty360.com, 9/2021
- Infosecurity Group, 6/2022
- Cybercrime Magazine, 1/2019
- Firewall Times, 6/2022