Malicious hackers, better known as cybercriminals, are in the news a lot. From ransomware perpetrators extorting money to Anonymous’ political hacktivism, cybercriminals are more active than ever – exploiting an increasingly connected world. But what are the risks to small businesses? And what can owners of small businesses (SMBs) do to protect themselves from these malicious individuals and groups?
What cybercriminals do
It doesn’t take long to find a site or network with poor security. Threat actors don’t spend days or weeks trawling the internet looking for sites to hack. They create code that ceaselessly scans for weaknesses, flaws and open doors, such as weaknesses in accounting software or social media.
A single hack may only result in a few hundred sets of credit card details. But that sensitive data is still highly desirable because of its value on the black market or to the business owner who will pay a lot of money to get it back.
Even if the cybercriminal doesn’t sell or share the data they steal directly, they can use it to set up other accounts online and create false or duplicate identities based on real people – your staff, your customers, your partners. These identities are then used to commit fraud or other crimes. Or simply to cause disruption and havoc.
Why target SMBs?
The evidence is clear. Regardless of company size or the cybercriminal’s objective, the main reason many small businesses are hacked so easily is the low-level security measures they have in place. A shift in attitude is required.
- SMBs are attractive to bad actors because they tend to have weaker online security.
- If you have any Fortune 500 companies as customers, your company is an even more enticing target, as it can act as an entry point for cyberattackers.
- Perpetrators can easily steal information and hold it for ransom.
SMB negligence?
What is not so clear is why businesses are still leaving their keys in the ignition. Believe it or not, the most popular passwords in 2017 were still ‘123456’ and ‘password’.
Likewise, when a business owner thinks ‘I’m a small business, malicious attackers won’t be interested in me’, they may not bother investing in antivirus software.
If this is the case, they’re letting their guard down on at least two counts: a misguided belief and much weaker security. Both make the business a more attractive target and make it easier for cybercriminals to break in.
One study reported that in 2017 only 17% of small businesses in the US used antivirus software.
A change in attitude
Think of your business as being in a constant state of compromise and flux. This doesn’t have to be as pessimistic or alarming as it sounds. It’s a pragmatic approach based on the recognition that trying to predict and defend against all possible attacks at all possible times is extremely resource intensive and costly. Rather, it is best to accept that a certain amount of compromise is always likely.
With that in mind, you can then allocate whatever resources are available to tackling the most likely attacks. This represents a constructive and helpful shift in attitude. It means you accept that you can’t always foresee every attack and instead you take steps to minimize the impact in case a big attack happens.
What can you do to protect yourself?
In a short amount of time, by carrying out a few straightforward measures, you can easily raise your level of security against the most common threats, without an extravagant cost to your business.
We recognize that small business owners can’t always afford dedicated IT support or commercial levels of antivirus. That’s why we created AVG Business’ multi-layered security antivirus software designed specifically for small businesses’ needs and budget.
Read more about AVG Business antivirus software.
As well as ensuring you have an up-to-date, high-quality antivirus, it is essential to train your employees to recognize threats, update their software and know what to do if they think they’ve been compromised.
Read our infographic article that details all of the points of entry cybercriminals can use to gain access to your business. This includes information on:
- Mobile devices
- Passwords
- The cloud
- Emails
- Websites
- Two-factor authentication
- Public Wi-Fi