As a business owner, you have enough to worry about.
Now, you have to worry about being a cyber target, too. But, what does it mean to be a cyber target? Is there something more you should do? Your business already has a firewall and anti-virus software. Isn’t that enough? Your business isn’t a multinational corporation, after all.
You and your business are a target because hackers want a return on investment (ROI). The days of a lone hacker are long gone; instead, cybercriminals form groups, operating as a crime syndicate. They identify profitable targets and set their considerable resources to complete an attack. If you are identified as a target, odds are you, and your organization will be attacked.
Business owners, especially of small-to-mid-sized companies, are considered prime targets because:
- They are extremely busy and more likely to click on a link or download a file without looking at the sender.
- Their company’s cybersecurity is less stringent than larger organizations.
The latest statistics on cybercrime show that:
- 43% of cyberattacks target small businesses.
- Only 14% of small businesses rate their ability to mitigate cyber risks, vulnerabilities, or attacks as highly effective.
- 60% of small companies go out of business within six months of a cyber attack.
None of those statistics are good news for business owners. What are some of the threats that take advantage of an executive’s busy schedule?
Most cyberattacks begin with a phishing email. A phishing email tries to entice the recipient to click on a link or open an attachment, which is designed to either collect data, deploy malware, or provide access to an organization’s network.
Spear phishing is targeted phishing. A cybercriminal sends an email that appears to be from a trustworthy source. The recipient clicks on a link or downloads an attachment. When the recipient is a business owner, the hacker acquires access to a higher level of data and credentials, making it easier to obtain valuable information.
Executives aren’t always as careful about checking the sender of an email as they should be. There’s always so much to get done. It’s easy to be distracted checking emails on the run. Sometimes the cybercriminals want access to the network so they can make a more profitable cyberattack such as a business email compromise (BEC). Often, they deploy ransomware, which is still the most popular form of cyberattack.
Ransomware is a form of malware that prevents end-users from accessing their data. To restore access, the business must pay a ransom. The latest ransomware wipes out shadow volumes, security event logs, and backups, making it harder to find the malware or to restore the system. If a cybercriminal can deploy the latest ransomware, your organization will pay the ransom. That’s why, everyone should be vigilant when checking email.
If you want cybersecurity to be a priority, the process has to begin with you, the business owner. Employees need affirmation that cybersecurity is central to business operations. They must see that leadership is participating to believe that cybersecurity is everyone’s responsibility.
To secure your business, start with these steps:
- Create a plan for how your data is gathered, managed and stored
- Determine who should have access to what data and limit access to those individuals.
- Identify your critical vulnerabilities and how to mitigate any possible attacks.
- Provide ongoing training to your employees
If you need help designing and deploying a cybersecurity plan, contact us. We are ready to help.