Why SMBs are vulnerable to cyberattacks

There’s a popular myth that cybercriminals only target large businesses largely due to the belief that bigger firms hold more sensitive data. This isn’t really true, however. According to Verizon’s 2019 Data Breach Investigations Report (DBIR), small businesses accounted for 43% of cyberattacks. But why this trend? Let’s take a look at some possible reasons:

#1. Negligence towards cybersecurity

Small- to medium-sized businesses (SMBs) don’t see themselves as potential targets for cybercriminals. They believe that they have nothing of value to an attacker, so little money is allocated to network security. So even though SMBs generally store less sensitive information than large enterprises, they are easier to infiltrate than large businesses that invest in robust technology.

The bad news doesn’t stop there. SMBs also find it more difficult to recover from a cyberattack. According to the US National Cyber Security Alliance, 60% of firms have shut down within six months of a security breach.

It’s a good idea for SMBs to remember that they’re just as vulnerable as any other business when it comes to cyberattacks. It’s important to be proactive and prevent damage from being done to your organization.

#2. Poor passwords

Recent statistics show that 80% of hacking-related breaches still involve compromised and weak credentials. That’s because too many users still don’t bother choosing secure passwords for their accounts. They use easy-to-guess passwords such as “12345678,” “passw0rd,” “football,” and the like.

Most software companies force users to create better passwords by requiring special characters and numbers, but this makes passwords harder to remember. Instead, the National Institute of Standards and Technology has recommended a new policy that businesses can follow:

  • Use passphrases. Instead of complicated strings of text, organizations can use passphrases. These are composed of a sentence or a combination of words such as “notebookcherryrecordwater7541” or “strawberryshortcakesaredelicious”. A long password containing dictionary words is easier to remember and exponentially harder to crack.
  • Reset passwords only after a breach. It’s a common security policy to change passwords monthly to keep accounts safe. However, this ends up causing more issues, as frequent password changes cause users to suffer from password overload.
    Businesses are now advised to require a password reset only after a data breach. For instance, if a hacker successfully infiltrates your system, force employees to change their passwords to prevent any more data from being stolen. They have to come up with a new string of text completely unrelated to the previous one.
  • Use multifactor authentication (MFA). MFA is the use of more than one verification method, such as a one-time smartphone code or a fingerprint, to confirm a user’s identity. By adding another security layer, hackers won’t be able to steal confidential data even if your employees accidentally leak their credentials.
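An added example (not code from the original post) that turns the three points above into a checker: long passphrases pass with no composition rules, the weak passwords quoted above are rejected via a blocklist, and a reset is demanded only for accounts flagged as breached, with “summer2023 → summer2024” style rotations refused. The `Account` class, the function names and the small blocklist are assumptions; a real deployment would load a large breached-password list.

```python
"""NIST SP 800-63B style password policy (added example, not from the post).
Long passphrases pass, composition rules are dropped, and a reset is required
only after a breach. The blocklist is a constructed sample."""
from dataclasses import dataclass

MIN_LENGTH, MAX_LENGTH = 8, 64   # NIST minimum; generous cap so passphrases fit
# Constructed sample blocklist, seeded with the weak examples quoted in the post.
COMMON_PASSWORDS = {"12345678", "passw0rd", "football", "password", "qwerty123"}

@dataclass
class Account:
    username: str
    password: str
    breached: bool = False   # set when the credentials are known to be leaked

def check_password(candidate: str, username: str = "") -> list[str]:
    """Return policy violations; empty list means accepted. No digit or
    special-character requirement on purpose (NIST advice)."""
    problems = []
    low = candidate.lower()          # never truncate or strip: spaces are allowed
    if not MIN_LENGTH <= len(candidate) <= MAX_LENGTH:
        problems.append(f"length must be {MIN_LENGTH}-{MAX_LENGTH} characters")
    if low in COMMON_PASSWORDS:
        problems.append("appears on the common-password blocklist")
    if username and username.lower() in low:
        problems.append("contains the username")
    if len(set(low)) <= 2:
        problems.append("repetitive characters")
    return problems

def is_trivial_variant(old: str, new: str) -> bool:
    """Catch rotations that only bump a trailing number or contain the old one."""
    o, n = old.lower().rstrip("0123456789!.#"), new.lower().rstrip("0123456789!.#")
    if not o or not n:
        return old.lower() == new.lower()
    return o == n or o in n or n in o

def password_reset_required(acct: Account) -> bool:
    """Reset only after a breach; there is no calendar-based expiry at all."""
    return acct.breached

def rotate_password(acct: Account, new_password: str) -> list[str]:
    """Post-breach reset: the new secret must pass policy and be unrelated."""
    problems = check_password(new_password, acct.username)
    if is_trivial_variant(acct.password, new_password):
        problems.append("too similar to the previous password")
    if not problems:
        acct.password, acct.breached = new_password, False
    return problems
```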

#3. SMBs are doorways to larger enterprises

Cybercriminals are aware of how poor the cybersecurity habits of SMBs are, so they take advantage of this to hack into the systems of bigger companies. This happens when a large corporation partners with small companies such as vendors or contractors and gives them network access. As soon as hackers successfully gain access to the IT systems of an SMB, it’s only a matter of time before they infiltrate the large company’s systems.

Remember that one attack alone can be fatal not just to your business, but also to your partners. Invest in security software such as firewalls, virtual private networks (VPNs), and the like. Also, take time to talk to employees about the importance of keeping data safe, since they are often the ones who eventually cause a data breach.

#4. Lack of proper cybersecurity training

Your business might have conducted cybersecurity training sessions in the past year to inform employees about keeping their data secure. However, a common mistake organizations make is not updating protocols or following them up with practical exercises.

Cybersecurity is an ever-changing environment, and hackers will always find new ways to attack any business, so it’s a good idea to err on the side of caution. Here are some topic ideas for your next training session:

  • Safe internet habits: This involves refraining from installing programs or downloading files from unknown sources, and not opening suspicious-looking emails or links.
  • Social networking: This opens the floodgates for cyberthreats like phishing. Implement an effective social networking training program that limits the use of Facebook, Twitter, and other similar services. This should also guide employees on what to do during attacks.
  • Removable devices: Flash drives and external hard drives can easily be infected with malware such as viruses and ransomware, which can pose a threat to your data’s safety. Educate your staff about the repercussions of plugging in removable media, and consider disabling removable storage on your office computers as well.
  • Physical security controls: Train employees to be wary when letting unknown people inside the office. These visitors could be looking for ways to steal confidential information like connecting to the office Wi-Fi network, copying handwritten login credentials on desks, or accessing unattended computers. Teach staff to be aware of their surroundings and the people around them to ensure data safety.

#5. A lack of a bring your own device (BYOD) policy

A growing number of employees are now using their personal mobile devices such as smartphones, laptops, and tablets to get work done. Not only is it convenient, but it also allows them to work from any location with an internet connection.

However, by using a personal device without supervision, users are potentially exposing your company’s data to hackers. For instance, if they’re connected to the internet using an unsecured Wi-Fi connection, cybercriminals can take advantage of this to silently steal your confidential information.

Microsoft Intune makes it easy for organizations to come up with an effective BYOD policy with the least hassle and worry about security gaps. Thanks to its built-in mobile application management feature, employees can freely use their personal devices for work without worrying about security breaches. Intune also makes it possible to keep files secure through a corporate app, eliminating interference with other programs.

You can also make use of corporate accounts. This way, work-related data is separated from personal files, and you’ll be able to control access to your company’s apps and files.

It’s time to put an end to your cybersecurity worries. At Binatech, we take a proactive approach to all your IT infrastructure needs, so your data stays protected 24/7/365. Ready to learn more? Schedule a FREE network assessment with us today.