Many cybercriminals look at small businesses like blank checks. More often than not, small businesses just don’t put money into their cyber security, and hackers and cybercriminals love those odds. They can target small businesses at random, and they are all but guaranteed to find a business that has no IT security – or the business does have some security but it isn’t set up correctly.
At the same time, cybercriminals send e-mails to businesses (and all the employees) with links to phishing websites (websites designed to look like familiar and legitimate websites) or links to malware. They hope employees will click on the links and give the criminals the information they want. All it takes is ONE employee to make the click.
Or, if the business doesn’t have any security in place, a cybercriminal may be able to steal all the data they want. If you have computers connected to the Internet and those computers house sensitive business or customer data – and you have NO security – cybercriminals have tools to access these computers and walk away with sensitive data.
It gets worse! There are cybercriminals who have the capability to lock you out of your computer system and hold your data hostage. They may send along a link to ransomware, and if you or an employee clicks the link or downloads a file, your business could be in big trouble. The criminal may request a sum of money in exchange for restoring your PCs or data.
However, as some businesses have learned, it’s not always that simple. There are businesses that have paid the ransom only for the cybercriminal to delete all of their data anyway. The criminal walks away with the money and the business is left to die.
And that’s not an understatement! Once cybercriminals have your data and money, or both, they don’t care what happens to you. Cybercriminals can do more than just major damage to small businesses; their actions can literally destroy a business!
This goes to show just how critical good IT security really is, but we find that many business owners still don’t take it seriously. Even as we enter 2020, there are business owners who don’t consider cyber security a high priority — or a priority at all. In other words, “It hasn’t happened yet, so it probably isn’t going to happen.” Or “My business isn’t worth attacking.”
Cybercriminals don’t think like this. It’s a numbers game and only a matter of time. Business owners need to adapt to today’s online landscape where just about everything is connected to the Internet. And if something is connected to the Internet, there is always going to be some level of vulnerability.
Here’s the latest scam. With the growing number of businesses that have Cyber Insurance, the ransom requests are starting at $5 million dollars because they know many businesses have insurance that will pay. Insurance companies are keeping to the letter of the agreement, so make sure you’re in compliance, which often includes promises that you’ll keep your equipment maintained and patched (no Win 7 machines).
But you can control your level of vulnerability! You can be ’penny wise and pound foolish,’ or complacent and do the bare minimum, which will put your business and customers at risk. Take this seriously and put IT security measures in place – a firewall, malware protection, secure modems and routers, cyber security insurance, and working with a dedicated IT company. There are many options to secure your business.
The reality is that cyber security should be a normal, everyday part of any business. And anyone thinking about starting a business should be having the cyber security talk right from the very beginning: “What are we going to do to protect our business and our customers from outside cyber threats?”
When it comes down to it, not only do you need good cyber security, but you also need a good cyber security policy to go along with it. Start by educating your staff about staying safe when online. There’s a saying that most people need to be reminded more than they need to be taught, and I think that applies here.
Think about that question and think about the security you have in place right now. No business is too small or too obscure to be hacked.