Between the Target, Home Depot and Bank of America breaches, it seems every week there's news of another large corporation getting hacked. What does not seem to get the spotlight are all of the small businesses that are extremely vulnerable to cybercrime. In fact, small- and medium-sized businesses (SMBs) have emerged as the preferred target for malicious hackers, with half of all SMBs in the United States reportedly experiencing cyber attacks, according to a recent study by the University of Connecticut.
While SMBs don't generate ample payouts individually, their lack of sophistication allows hackers to take a "spray and pray" approach, attacking SMBs by the thousands, or even millions, with little investment required.
Despite these realities there's often a false sense of security and lack of awareness amongst SMBs. They think a breach will never happen to them. However SMB cyber attacks grew a staggering 60% in 2014, and the average cost to make infrastructure and security-related repairs for those breaches was almost $9,000 (excluding brand damage and other soft costs). Most don't have cyber insurance in place to cover these losses, should the unexpected happen.
The expression "your reputation precedes you" rings especially true for SMBs. Consumers are wary of taking their business to a new, unproven company, and if you suffer a cyber attack, customer loyalty is sure to wane quickly. It is critical for SMBs to start prioritizing their cybersecurity efforts.
To better maintain the security of your SMB, consider the following five tips:
Passwords may seem like an obvious or even simplistic cybersecurity topic, but many SMB employees have weak or painfully obvious passwords. Passwords that are too short or contain personal information are easy to crack. Make sure your employees use passwords that are unique, long and complex, include both upper and lower case letters, include symbols and numbers. Make sure these don't include a phrase that is a favorite quotation or popular expression. Some people don't change passwords for years, and often use the same password across multiple sites. This is not a good practice - your customer data needs extra protection and having the right password policy in place is a crucial first step.