Your Company is a Target

Your Company is a Target

Cybercrime has become a major risk for small business owners and 2019 is projected to be one of the worst years ever for economic losses as a result. In fact, some experts are referring to the situation as economic wartime, or cyber warfare. Just a few weeks ago, Verizon reported that 43 percent of the millions of cyberattacks that happen each year target small companies, representing the largest share of the total victim pool. Other sectors, like healthcare, financial, and government barely broke 15 percent.

Many small business owners still fail to realize their entire company is at stake. According to the National Cyber Security Alliance, 60 percent of small businesses will fold within six months of a major cyberattack.


What are your company’s odds of being attacked?

Even though the statistics about cyberattacks point to a strong likelihood that just about every business will encounter some form of digital threat at one time or another (as many as 70 percent of companies, according to network security firm Lastline), the stats can’t provide much indication about your company’s individual risk for an attack. To determine your own company’s odds, an inventory needs to be taken of your unique vulnerabilities. Namely:

  • What’ve you got to steal? If your company possesses highly valuable data, it’s going to be a more attractive target for thieves.
  • Are you part of a supply chain for a larger company? Often, cybercriminals will use suppliers and other vendors as a gateway to breach larger organizations.
  • Can you detect a breach? Will your network systems be able to detect a breach if one were to occur? Is your security up to date?
  • How will your company respond? If an attack were to occur, what will your team be doing to address it?


What types of attacks are the most common?

According to Verizon’s 2019 Data Breach Investigations report, most cyberattacks (69 percent) originated from outside parties. Internal parties were involved in about 34 percent of incidents and partners were involved 2 percent of the time.

Organizations such as Cisco and Small Business Trends have each published lists of the most common threats facing business owners in today’s environment. New threats are emerging all the time, but the current ones that most companies are likely to encounter include:

  • Denial of Service (DoS) attacks – Overloading systems with traffic to cause shutdowns
  • Inside attacks – Most often involving data misuse from current or former employees
  • Malware – Including things like worms, viruses, Trojan horses, ransomware, and others
  • Phishing – Fraudulent communications that appear to come from a reputable source
  • Password attacks, of which there are three common types:
    • Brute force – Use of a program to try sets of common words.
    • Dictionary – Focusing on passwords that are seven characters or fewer.
    • Key logger – A program that records keystrokes made by users.
  • Man-in-the-Middle attacks – Attackers insert themselves into a two-party transaction
  • Structured Query Language (SQL) injection – Malicious code inserted into a server that forces it to reveal information
  • Zero-day exploit – exploiting a network vulnerability before it gets patched


How can you protect your company?

The first step in protecting your company from cyberattacks is to educate yourself and your staff about potential threats and the forms they often take. From there, it’s important to form good habits. For example:

  • Do your employees use regularly changed, complex passwords?
  • Do employees know not to open email attachments from unknown addresses?
  • Have you informed your employees about signs that indicate phishing scams?
  • Are you locking former employees out of your systems?

Following that, basic technical systems should be in place such as a firewall, anti-virus and anti-malware software, secure WiFi networks, and monitoring systems to detect potential threats as early as possible. All of these materials should be routinely updated, in addition to the other software updates your other programs and devices need. Business owners with a modicum of tech knowledge can usually implement these things themselves, and those without can find tutorials online or partner with an I.T. firm.

Make sure that your hardware is secure too, in a physical sense. Servers can be easy to steal, so keep them locked tight.

Lastly, make sure your company is conducting regular backups of its most important files. That way, criminals won’t be able to hold your data hostage and stop your company’s workflow.


Taking cyber threats seriously.

Cybersecurity is probably not what most small business owners saw themselves doing as they built their business dreams, but it’s become an essential part of business. Don’t wait until an attack happens to start getting serious about cyber threats, because by then it’ll likely be too late to recover. Start today.