How Your Employees Are Helping Cyber Criminals Without Even Knowing – and What You Can Do to Stop It

SMBCyberSecurity.jpg

So, you think Cyber Criminals are just after the big guys?  Well, you’d be wrong.  According to a 2018 report by Verizon, 58% of Cyber Attack victims were small businesses. 

One would think that cybercriminals are more likely to go after large businesses, assuming it would be more lucrative. There would be a larger payoff and more of a story in the new about it.  But going after the big guys directly isn’t always what happens. Cyber criminals are not only going after small business directly, but they’re using small businesses as a stepping stone to the big ones.

For instance, one example of a larger attack that created big headlines was the Target hack.  As a result of this hack, the credit card information of millions of people were stolen. However, there is one very interesting piece of information about the Target hack that people aren’t aware of.  The hackers were able to gain access to Target’s information by attacking a small HVAC company to get it.  Attackers used the credentials of the HVAC company to gain access to Target’s information.

According to global malware prevention agency Malwarebytes, ransomware caused nearly a quarter of small and medium-sized businesses to shut down in 2017. A more recent analyzation of this statistic shows that around 60% of Small Businesses shut down indefinitely after an attack.  These numbers are incredible, and even with the threat of an attack greater than ever, many small businesses are still not prepared for a Cyber Attack.

What’s worse is that not only are small businesses ill-prepared, they’re employees might be helping attackers without even knowing it.

The top way a Cybercriminal can access the network of a small business is when an employee clicks on a link or attachment in an email that is malicious in nature. This leads to attackers having the ability to access your data.

So how can you prevent a Cyber Attack from crippling your small business?  You can start by changing your company culture.

Never assume you are not the target of an attack.  Your SMB can be targeted just like any other, and one critical mistake most attacked businesses make is that they think it won’t happen to them. Another crucial error small businesses make is that they do not offer proper cybersecurity training to their employees.

Cyrus Walker, Managing Principal at Data Defenders, suggests these tips for helping your small business begin the process of protecting your organization from a Cyber Attack:

-          Change the company mindset. Assume you are always the target of a cyber attack

-          Make sure employees receive proper cybersecurity training. Train them to not click on links or attachments from unknown sources

-          If you don’t have the proper IT resources in house, consider finding a provider that can help protect your business from cyber threats

Organizations should also consider developing a Disaster Recovery Plan. In the event that your SMB is affected by a Cyber Attack even after you’ve taken the necessary precautions, a Disaster Recovery Plan is a very important piece to making sure that your business has a shot to stay functional after an attack. For more on Disaster Recovery Plans, read our blog here.

By following these steps, organizations can begin to change company culture and help protect their small business.

Story via Forbes