99% of the businesses in the US are small businesses, and over 93% of these have been affected by Covid. Prior to Covid, 80% of US small businesses were not taking advantage of digital tools. However, the landscape is shifting firmly, and the new normal includes an almost overnight need to either digitize or shut down, along with major shifts in business strategy and services, new revenue models such as subscriptions, fulfillment channels such as pick, pack and ship, streamlined fixed costs and visibility generated via social media, among other things.
This in itself is an amazing achievement, and all of us root for the underdog. But as I think through this journey through the eyes of an SMB that is already inundated with the need to innovate rapidly to survive, a glaring risk pops up: the need to educate them about, and/or protect them from, cyberattacks and data breaches. Let me elaborate:
1) There were 8,854 recorded breaches between January 1, 2005 and April 18, 2018.
2) Over 3.5 billion people saw their personal data stolen. This included things like passwords and credit card information.
3) Over 43% of online attacks are aimed at small businesses, a favorite target of high-tech villains.
4) In the last year, 76% of businesses reported that they had been victims of a phishing attack.
5) It takes more than half a year for businesses to recover from these attacks.
6) Only 14% of these businesses are prepared to defend themselves.
7) The average cost of a data breach for an SMB is 200k.
Large enterprises have the benefit of dedicated security teams and procedures. However, the sophistication of these attacks keeps increasing with increased success; after all, data is the world’s most important currency. With this in mind, the need for SMBs extends beyond very quickly selling and fulfilling online to investing in the right level of security mechanisms to protect themselves, their businesses and their customers. Regardless of the maturity of the business, here are some basic steps to follow:
1) Take regular backups of your data, encrypt them and store them in a secondary location.
2) Not every employee needs access to everything. Start with the minimal permissions for any new role and add permissions as needed. Also downgrade or remove access that is no longer needed.
3) Keep your antivirus up-to-date on any machine that is used to access your applications. Don’t open any attachments that you are not sure about. The most innocuous names could mask the most dangerous malware.
4) Never use “Password”, “qwerty” etc. as passwords. Common passwords like these are the ones a hacker tries first. Use password generators and separate passwords. Don’t share your passwords with anyone, including your employees, and don’t stick them on post-it notes on your laptop or monitor. Use 2FA (two-factor authentication) for an additional layer of security.
5) Be extremely careful while accessing private information over public Wi-Fi, and keep your devices with you at all times.
6) Be extremely careful sharing any kind of private information with anyone.
These precautions get SMBs started down the road of transacting online safely and help them focus on the revenue-generating activities that keep their doors open, without additional security headaches.