Hackers have increasingly set their crosshairs on small businesses as their primary targets, which has proven to be very profitable. Cyber threats have grown exponentially in the past few years and despite conventional wisdom, cybercriminals are not as interested in the larger enterprises as they are in small to mid-size businesses.
The reason is simple: Most small businesses don’t take information security seriously. Many have small or nonexistent IT departments who are ill-equipped to face ever-evolving malicious threats. This is compounded by end-users who may be undertrained or unaware of how to deal with attacks such as phishing, viruses and malware. Specifically, attacks known as ransomware – a virus that encrypts company data and holds it for ransom – has been making life a nightmare for SME’s around the world.
The easiest change a business can make to improve their security is to increase company-wide awareness of potential threats. Instituting company-wide training on IT best practices and security standards, such as setting password policies and identifying phishing attempts, can go a long way in mitigating risks. These security standards should also include regularly scheduled patching and updates to eliminate software and hardware vulnerabilities.
Overall, the most crucial defense against any attack is having sufficient data backups. In addition to on-site data backups, off-site data backups provide another layer of protection; not only from local disasters like fires and floods, but also from network attacks as they are isolated from the company environment.
By no means are these the only ways to protect a company’s network and data, but they are the most cost-effective measures that are easiest to implement. The first step SME’s can take to protect themselves from hackers is to take cyber threats as seriously as other business risks.
By: Gregory Kent and Solomon Soldaner