Small businesses frequently find themselves in precarious situations, particularly when it comes to money. A recent survey from G2 showed that almost a quarter of SMEs struggle with “access to capital”, with only 15% declaring themselves “financially stable.”
That goes to show that even the smallest knock to a company’s bottom line can have potentially ruinous consequences, and although small businesses may consider themselves immune from cyberattacks, the reality—and financial toll—of the situation may be far worse than many small business CEOs predict.
The impact of cyberattacks on SMEs
In recent years, financial instability has increasingly come as a result of online attacks. Verizon’s recent report on data breaches showed that 43% of cyberattacks are squarely aimed at small businesses. This year’s Hiscox Cyber Readiness Report put the average financial toll of a cyberattack on businesses of all sizes at a staggering $200,000 per company.
Regardless of their size, what many companies don’t necessarily realise is that cyberattacks are becoming more of a risk because hackers have more devices than ever to target, especially when staff use their personal devices on corporate networks. According to the Gartner Market Guide for Mobile Threat Defense Solutions, thanks to this expanding attack surface, phishing has become an “emerging threat” against networks. Whether through work or personal mobile devices, this now requires new and comprehensive security measures to be implemented by businesses.
The National Cyber Security Alliance has noted that 60% of SMEs will go out of business within six months of being targeted, and 40% have been the target of more than one such breach. Despite this, and perhaps as a result of their smaller scale, two-thirds of SMEs do not think that cyberattacks are a cause for concern, and have not taken any measures to prevent them at all.
Indeed, companies may not even be aware that they have been hacked until it is too late—according to the Financial Times, it takes around seven months to discover that an attack has even taken place. In particular, businesses should remain aware of cybersecurity trends, such as the increase in phishing attacks targeting mobile devices.
Small businesses should also consider the different vectors of an attack: are all of their applications and devices password protected, who has physical access to devices and file storage systems, and what cybersecurity measures are in place?
What small businesses can do to improve their cybersecurity
According to the Hiscox report, businesses only spend around 10% of their IT budget on cybersecurity measures, though 60% of SMEs are planning on increasing their spending on these methods of protection.
Introducing a comprehensive security policy across the company is an easy and effective step, from methods as simple as asking staff to regularly change their passwords to a more formal approach around how employees use social media or cloud services which are not maintained by your business.
Similarly, as HSBC has noted, companies could also limit how employees, as well as any outside contractors or clients, are able to use physical external devices, like thumb drives or SD cards. This can help you to standardise the media used by your business and greatly reduce any external risks.
Guidance on security best practices for small businesses can be found on the U.S. Small Business Administration’s website.
Beyond this, simply providing your staff with training in basic cybersecurity hygiene can help them better identify any mistakes they have been making, and address these issues in their future activity on company devices. Being aware of what information is at risk via mobile devices is a core part of this: it is commonly missed by IT, and it forms part of the FCC’s recommendations for small business cybersecurity.
To help prevent any cracks in security being exploited, cybersecurity services should be used across all the devices and systems in use, to eliminate any easily exploitable weaknesses.