It is always important for businesses to ensure their employees work securely, both at the office and at home, as threat actors continually look for ways to attack. However, helping employees work safely while remote is more critical than ever due to two trends – the dramatic increase in people working from home and the impact of data breaches, particularly the rise in data breach costs.
With more people working remotely, the internet-centric environments of office and home introduce a new set of security vulnerabilities. According to a report published by Malwarebytes, 20 percent of cybersecurity leaders say they have faced a security breach because of a remote worker in 2020.
Meanwhile, the cost of mitigating a data breach for small-to-medium-size businesses (SMBs) is far higher than most business leaders are aware. According to AppRiver Software, $149,000 was the average cost of a data breach for an SMB in 2019. However, most SMB leaders estimate the cost of a data breach to be around $10,000. Only 19 percent of survey respondents acknowledged that costs could surpass $100,000.
With this year’s Cybersecurity Awareness Month theme being “Do Your Part. #BeCyberSmart,” it is a great time to focus on the impact of data breaches on SMBs and the importance of securing your employees’ data. It is vital that employees are conscious of the vulnerabilities, for their own safety and their company’s.
SMB Cybersecurity & Cyber Resilience
There is an idea within some SMBs that they are too small to be attacked because there is less value in their information. It is simply not true. In fact, small businesses are more likely to be targeted with a ransomware attack. According to Infrascale, 46 percent of all small businesses have been the targets of a ransomware attack. Of the companies hit with a ransomware attack, nearly three-quarters (73 percent) have paid a ransom.
Now, as many companies are being impacted by COVID-19 restrictions, SMBs find themselves ill-prepared to address cybersecurity issues.
- According to the National Small Business Association’s testimony before the U.S. Senate Committee on Small Business in March 2019, only 14 percent of small businesses rated their ability to mitigate cyber risk and vulnerabilities as useful.
- In a study by the Cyber Readiness Institute (CRI), half of the small businesses interviewed expressed concerns over remote work leading to more cyberattacks. Only 22 percent of companies with fewer than 20 employees had offered additional cybersecurity training before commencing remote work operations.
- The Malwarebytes report shows that 18 percent of respondents at SMBs and Enterprise-scale organizations admitted cybersecurity was not a priority, and five percent admitted their employees were a security risk who were oblivious to security best practices.
- Twenty-eight (28) percent of respondents admitted using personal devices for work-related activities more than their work-issued devices, creating a significant cybersecurity vulnerability.
Actions to Take
While there is the impression that SMBs are too small to be attacked, not all business owners feel that way. According to a U.S. Senate Committee on Small Business testimony in March 2019, 62 percent of SMB owners said they are very concerned that their business could be vulnerable to a cyberattack, both in terms of being targeted and in terms of the potential for unnecessary regulatory burdens that could accompany efforts to stem online attacks.
To protect your data and your customers’ data, businesses should:
- Develop more robust security policies. The stronger the policies are, the harder it will be for a cyber attacker to strike.
- Train employees on cybersecurity. Businesses should show their employees what to do, what to avoid and what to look out for. Trainings can be tailored to the individual employees and their respective departments.
- Update all of their software, including the operating system and applications. Keeping software updated reduces the likelihood of an attack.
- Add a stronger passphrase to their home Wi-Fi and wired networks. A strong passphrase can be very difficult for a hacker to crack.
- Keep their work passwords and personal passwords separate to reduce the risk of a credential stuffing attack. Using the same password could result in a hacker being able to gain access to multiple accounts.
- Add two-factor authentication (2FA) to personal and business accounts where possible. This helps ensure any attempt to log in to a protected account is actually from you.
- Not click on any links, open any attachments or download any files from an email they are not expecting. Scammers are trying to strike with all kinds of COVID-19 scams. Consumers should go directly to the source to verify the validity of the message.
Data Breach Resources for SMBs
Right now, it is vital to focus on the impact of data breaches on SMBs and securing your employees. To access the latest data breach information, and learn more about the impact of data breaches, employees and businesses should also visit the Identity Theft Resource Center’s (ITRC) new data breach tracking tool, notified™. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.
The National Cyber Security Alliance’s CyberSecure My Business program has a library of free resources, including videos, tip sheets, infographics and more–all designed for the small business community. You can access those resources here: https://staysafeonline.org/resources/?filter=.topic-cybersecure-my-business.resource-item
If you have additional questions, you can speak with an ITRC expert advisor on the website via live-chat, or by calling toll-free at 888.400.5530. Victims of a data breach can download the free ID Theft Help app to access advisors, resources, a case log and much more.