New research from business news site The Manifest shows 15% of US small businesses suffered a hack (7%), virus attack (5%), or data breach (3%) in 2019. The good news is nearly two-thirds of business owners and managers claimed they will increase their cybersecurity resources in 2020.
The problem is the coronavirus crisis has forced the majority of small businesses to close and raised questions about whether those businesses that survive will be able to afford to invest scarce financial resources into increased cybersecurity.
Cyber-attacks on small businesses can be devastating, costing time, money, loss of customer loyalty, and negative impacts on the company’s reputation.
Scale of the cybersecurity problem
The data companies most commonly collected are contact information (61%), customer name (52%), customer location (39%), the physical address of the customer (36%), and payment details (31%). This type of customer personal data and payment information is of high value to hackers.
Cybersecurity consultants 4IQ found a 71% increase in data breaches for small businesses estimating that more than 14.9 billion identity records were circulating in underground communities in 2018. Cybercriminals begin shifting their focus to small business resulting in a 424% increase in new data breaches over the previous year.
Attacks on government agencies also grew 291% over the previous year with citizen data and voting records under attack in the increasingly unstable US political environment.
Work from home security challenges
With millions of employees working from home during the COVID-19 crisis, company data security challenges have taken a new and more difficult path.
“When employees move away from office systems that are maintained by at least an outsourced IT administrator, [companies] become vulnerable to online threats,” said Naomi Hodges, cybersecurity advisor at privacy protection company Surfshark.
Remote or home environments typically lack some of the usual business data security enhancements including secure Wi-Fi networks, endpoint protection, encrypted software, up-to-date virus protection, and secure work devices.
The cost of doing nothing?
The cost of doing nothing could not be higher, however.
“It begins with small businesses believing — erroneously — that it cannot happen to them. Although a hacker might not single out a small business, businesses can certainly become victims of hacks and other cyber-criminality,” said Charles Lee Mudd Jr., founder, and principal of Mudd Law Firm, which specializes in internet, startup, intellectual property, privacy, defamation, space, and entertainment law.
Most small businesses (64%) said they planned to put more resources into cybersecurity this year, but 29% were unsure and 7% said they were not likely to devote more resources to data security in 2020.
The sudden economic downturn caused by the COVID-19 pandemic may mean small businesses can’t follow through with cybersecurity improvement plans, though, just as cybersecurity becomes more important than ever due to many businesses moving online and employees working remotely.
Two best strategies to increase cybersecurity
The most popular strategies small businesses used for cybersecurity are limiting employee access to data (46%) and encrypting data (44%), followed by requiring strong passwords (34%) and training employees on data safety (34%).
Limiting employee access reduces the access points where data can be accidentally or intentionally exposed. Meanwhile, encryption provides a bigger safety net even if employees who have access find their devices stolen or exposed.
One of the best long-term solutions for cybersecurity, though, is regularly keeping employees trained on cybersecurity best practices.
“The top cybersecurity threat to small businesses is an insider threat because employees let cybercriminals in,” said Cyrus Walker, principal at Data Defenders, a cybersecurity services provider.
During the coronavirus crisis, that type of cybersecurity training is many times more difficult to implement or simply not an option for many small businesses. But there are some innovative solutions and training materials available from a wide range of business associations, government, and other sources with many tips and guidelines for personal and small business data security.
You can read more about small business cybersecurity at The Manifest.
LET’S CONNECT