Can only big companies afford cybersecurity? What smaller firms need to know.

The common misconception that smaller businesses are not worth attacking can result in more lax attitudes to security among these companies and their C-suites. This attitude can be a small business’s downfall. In today’s world of hacks and security breaches, no company can afford to be without cybersecurity.

The cost of good cybersecurity can be high. What might be a “line item” in a budget of a multinational company is a real percentage of revenue for the SMB. And so many SMBs decide they cannot afford the raw dollar cost and they opt to do nothing at all. That’s the wrong approach.

A survey published by Manta in March 2017 showed that 87 percent of small-business owners did not feel that they were at risk of a cybersecurity attack. But SMBs, just like large corporations, have what thieves want: employee data and customer data they can exploit.

Hackers assume, usually correctly, that an SMB has no defense against email being hijacked by those intent on committing fraud, or no real defense of networks where valuable customer and employee data lives. But that doesn’t have to be the case. For not much money, you can do quite a bit.

Cybersecurity for all.

Consider: why do people put a “Protected By” alarm sign in front of their house announcing they have a burglar alarm? A thief can get in and out in 20 minutes. But the sign is a deterrent. You just need to make it hard enough that the thief looks for an easier target.

Most (not all, but most) attacks happen by exploiting very basic protocols. The 2017 Manta survey also found that 1 in 3 small businesses don’t have the basic tools in place — spam filters, hard-to-guess passwords, data-encryption tools, antivirus software or firewalls — to protect themselves.

Higher-end cyber defense is expensive. Look at Cisco ISE, FireEye, etc. It is cost-prohibitive for small companies. Hackers know that. But to leave yourself defenseless is how you lose a battle.

Ponemon Institute and Keeper Security’s findings show:

According to this, the major problems are the same for big or small businesses as far as security risks – but at their heart, it is people, and people are trainable.

There are also simple things business owners can do to pinpoint their weakest links and fix them.

Three Protective Measures

1.   Audit

Cyber defense audits are expensive, but they don’t have to be. The secret is that auditors find it easy to pack reports with items that could be easily identified and fixed now at low to no cost. A basic cyber security audit should be less than $5000. It doesn’t need highly specialized work by a credentialed security specialist to find the basics. It simply needs to find the points where you can raise the amount of work for a hacker.

2.   Educate

Everyone has been on the end of a phishing scam at least once. Make sure your staff is trained NOT to open them. Phishing scams now come by phone followed by email to make them appear more legitimate. Understanding what a potential attack looks like is key to preventing one.  

Build a strong cybersecurity program. Educate your staff and build a culture of security. Ask your staff to create strong passwords by choosing three random words that aren’t easy to guess and ensure they use a separate password for work accounts.

3.   Optimize

Optimize what’s already in place. Training your existing IT staff or hiring an MSP or security expert you trust is probably the best initial investment an organization can make.

A common mistake businesses make, with cybersecurity or in general, is to invest in the latest and greatest tech only to find that they lack the internal know-how to implement it properly. With a strong #2 (education), the latest and greatest tech, and the accordant costs, are not necessarily needed.

A Final Word

The comment we hear often is that “we have never been hacked.” There is no way you, or your IT department, could know that unless you have very advanced tools. Cyber threats evolve daily, and that firewall bought and installed four years ago is likely easily hackable with today’s technology. A good hacker does not leave a trace.

Remember, the implications of a cybersecurity breach are strategic: a compromise can create financial and credibility issues — both of which can close a company for good. While a large company can afford this hit, many small businesses cannot. Take the steps you need to be prepared.


Dan Hill

Principal Consultant at ICE Operations Consulting LL

6 years ago

Very good article which small businesses should take heed!!

More articles by Richard Koski