It's been obvious for a while now that the internet is a dangerous place. Individuals are targets for harassment and abuse. Content creators have to deal with offline. Kids have to look out for strangers looking for ways to exploit them. All in all, it's not a pleasant environment. stalkers tracking them down But those dangers are well-known and most users try to take steps to protect themselves. But there's one group that faces danger online every day that doesn't seem to notice, care, or even attempt to mount a defense. I'm talking, of course, about . small businesses Every year, small businesses are the top target for cyberattacks. And every year, small businesses seem to go on their merry way without doing much to address the risk. For proof, look no further than a recent survey that indicated that weren't concerned with being a victim of a cyberattack in the next 12 months. And 24% of them even reported not having any concern at all! 56% of small business owners One wonders if the survey respondents bother to lock their businesses' front doors at night. And the most frustrating thing about this is the fact that improving small business cybersecurity isn't hard. With just a minimum of effort, the average company could dramatically reduce its risk of being victimized. Here's how. Solve the People Problem A chain is only as strong as its weakest link. This is also true of small business cybersecurity. And the bad guys know it, too. That's why they target rank-and-file employees looking for an easy way into a business's protected systems. According to the 2021 Verizon Data Breach Investigation report – involved some kind of human element. 85% of data breaches in 2020 Their weapon of choice when doing this is phishing. This is when an attacker uses a spoofed or otherwise altered email, phone call, or another communication method to trick an employee into divulging sensitive information. And the reason it's so effective is that most businesses don't bother to educate their employees about the threat or define clear policies around security. All a small business needs to do to fix this is to establish clear rules about what kind of information employees may divulge via email, phone, and other modes of business communication. Then, make a violation of those rules a fireable offense. That alone will lower the risk of anyone carrying out a successful phishing expedition against the business. Stop Using Passwords For years, security professionals have insisted that complex passwords were the keys to account and device security. But in reality, that's nonsense. The truth is that passwords are a – even when you go out of your way to make them complex. The reason for that is simple: humans don't have good memories. terrible form of security Everyone's familiar with the typical complex password requirements of most sites and services. Passwords must be at least a certain length, contain a capital letter, a number, and a special character. Researchers at Carnegie Mellon University did a study to see . They found that Depressing, isn't it? how people tend to satisfy those requirements most people simply capitalize the first letter of their password, add the number 1, and an exclamation point. The real security solution small businesses should turn to is to stop relying on passwords for security at all. At a minimum, they should be using two-factor authentication on every account and device. And even better, they should to secure any account that allows for them. use hardware keys Don't Fall For Ransomware Over the last few years, one of the biggest cyber threats small businesses had to contend with was . The idea of it is simple. The bad guys get into a business's systems and encrypt everything – then demand a hefty payment for the keys that unlock everything. A targeted business has few options once they've gotten hit. ransomware They can either try to recover the data from their backups, or they can pay the attacker the ransom. The former is the right response, but the latter is unfortunately what plenty of small businesses choose to do instead. But that just encourages more attacks. And indeed, there's evidence that plenty of after they've already suffered a successful attack. And why wouldn't they be? They've proven to be an easy target that will cough up a ransom payment once, odds are they'll do it again, right? companies get re-victimized To avoid this, all a business has to do is to maintain complete and updated (preferably offline) backups of all of their critical data and systems. Then, create a policy to ensure that all business devices get every security update that becomes available right away. And if they don't already have one, they should add an endpoint security solution to their devices that can spot ransomware before it can do any damage. Always Have a "Plan B" Believe it or not, the three simple bits of advice above would make the average small business all but immune to most garden-variety cyberattacks. The average attacker isn't going to want to waste their time going after a hardened target, and most will just move on to a more vulnerable one. But there's no way to lower the odds of a cyberattack to zero. That's why every small business – and especially those with a heavy dependency on data and digital services – should . A typical small business cyber insurance policy is cheaper than what you'd pay to insure a car in most states. And the alternative isn't worth considering. look into cyber insurance According to the US Securities and Exchange Commission, around half of small businesses that suffer a successful cyberattack are . They just don't have the financial wherewithal to deal with the resulting fallout. But the same doesn't happen after conventional burglaries. Why? It's because most businesses just report the incident to their insurer, replace the missing goods, and reopen for business. There's no reason that a cyberattack should be any different. out of business within six months The Bottom Line At the end of the day, it's unlikely that the internet will ever get much safer. And that means that everyone connected to it – including small businesses – needs to wake up to that reality. The sooner they do, the sooner they'll become part of the solution to the problem, rather than just adding more fuel to the fire. And those that can't (or won't) do that, I leave you with a question: what's your address, and when do you close for the night? Because I have a feeling that cybersecurity isn't the only kind of security you're neglecting.

Chain

Target

A Simple Live Stream Toolkit for Business

GPT-3 is Already Making Programmers' Lives Better and There's More to Come

Read the latest tech guides

Nominated for 2022 - HackerNoon Contributor of the Year - Natural Language Processing

Nominated for 2022 - HackerNoon Contributor of the Year - Low Code

Too Long; Didn't Read

Download free Tech Leaders Productivity Report!

SMBs Are Easy Prey for Cybercriminals, But They Don't Have To Be

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

3 AI and Analytics Solutions Startups and SMEs Should Use Right Now

3 Simple Upgrades to Improve SMB Cybersecurity

Best Antivirus for PC Gamers in 2021

Cryptojacking: What the heck is that?

How to Claim your Free Avast Subscriptions: For Noonies Winners with Love

3 AI and Analytics Solutions Startups and SMEs Should Use Right Now

3 Simple Upgrades to Improve SMB Cybersecurity

Best Antivirus for PC Gamers in 2021

Cryptojacking: What the heck is that?

How to Claim your Free Avast Subscriptions: For Noonies Winners with Love

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps