Cybersecurity’s Era of Human Error puts SMBs at risk


According to recent surveys, most SMB owners don’t believe cybersecurity will be an issue for them. According to cybersecurity firm 4iQ’s report “The Changing Landscape of Identities in the Wild: The Long Tail of Small Breaches 2019”, this past year has seen “a significant shift from attacks on not just large companies, but increasing attacks on a greater number of small businesses – the long tail – as hackers targeted unsophisticated and unsecured small businesses and supply chain vendors.”

This is supported by Verizon’s “2019 Data Breach Investigations Report,” which states that “43% of (all) breaches involve small business victims.”

In 2018, the National Cyber Security Alliance reported that out of all SMBs that have been hacked, 60% went out of business within six months.

How can SMB owners be certain that they haven’t already fallen victim to an attack? Unless their network is monitored, intrusions can go unnoticed and valuable data can be stolen, putting the business at risk.

Many SMBs simply underestimate the digital threat and aren’t willing to invest in securing their data. Hackers have discovered that naive SMB owners are pretty much leaving the door wide open for them to hang out and steal information through their unsecured network.

Businesses that don’t make cybersecurity a top priority going into this next decade are setting themselves up for failure. According to the Hiscox “Cyber Readiness Report 2019”, 60% of SMB owners plan to increase cyber security in the next year.

What changed?

Well, cybersecurity gets trickier as technology advances. Phishing attacks were the most prevalent this past year. In a phishing attack, an employee accidentally gives an attacker access to one or more accounts by entering credentials on a spoofed login page.

Of course, you’ve all heard about ransomware that locks and encrypts your files and data, not letting up until you pay a lump sum of money. High-profile targets such as Walla Walla University have been in the news recently. Negligence on the part of the employee is, by and large, what leads to these attacks. According to a 2018 report by the Ponemon Institute, 79% of ransomware attacks got help from phishing attacks.

The Ponemon report goes on to reveal that 41% of all ransomware attacks compromised mobile devices.

There has been a rise in malware infections entering SMB networks through BYOD devices, such as personal laptops or cell phones.

If your employees want to use their personal devices on your network, it is within your right to use a mobile device management platform that secures these devices by enabling a blacklist of prohibited applications. If an employee uses their phone for work-related activities, they need a way to lock the device. Plain and simple, you don’t want trade secrets or confidential information to be picked up off a barroom floor.

Businesses that use a Windows environment have been increasingly on alert for new kinds of attacks that evade classic anti-virus software. File-less malware, for example, can come in the form of an attachment your colleague sent you, except it wasn’t your colleague; it was an imitator.

The chances of an SMB’s network being compromised in one of these ways depend on how well-trained its employees are at telling spoofed e-mails from real ones. Here at Direct iT, we offer trainings as well as Dark Web scans, which scour the internet looking to see if credentials linked to your business have been compromised.

In 2020, it’s better to be prepared than to ignore the digital threat.