There seems to be a misconception about hackers amongst a lot of small business owners. A survey conducted in 2024 showed that 56% of small businesses were “unconcerned” about the threat of a cyber security attack.
Perhaps what is more troubling is that 28% of small businesses confirmed they do not have a response in place if they suffer a data breach.
Many people think cybersecurity poses more threats to large-scale businesses and corporations. Big firms with big turnovers are naturally a promising target for threat actors looking for a big payday.
In reality, the large firms are harder to breach. So hackers turn their attention to easier targets. You guessed it, small businesses. IBM estimates that around 62% of cyber attacks target small businesses.
What’s more, the average cost to a small business that suffers a data breach is estimated at $25,000. It is thought around 60% of small businesses close their doors within six months of a data breach.
Fortunately, there are some easy fixes. And securing your data does not have to be overly expensive. The cost really depends on your specific needs and your business model.
To protect yourself against the threat of cybercriminals, the strategies below are quick and inexpensive fixes.
Passwords
Passwords are the all-important piece of data that you need to keep safe. If hackers get hold of a password, they can access your applications, documents and files and pretty much do whatever they like with them; steal, sell, delete, deface.
Easy passwords can be cracked by hackers. They have sophisticated technology that launches brute-force attacks on accounts. The technology can try countless combinations, so weak passwords can be cracked.
Weak passwords are any words that are obvious or that sleuth-like hackers can work out, such as the name of your pet or children.
First and foremost, a password should be constructed of numbers, letters, and symbols. To check the strength of your password, you could head over to How Secure is my Password. This is a useful tool to help learn how to construct strong passwords that you can remember.
Even strong passwords can form weak barriers if leaked into hacking circles. Passwords are always flowing into these groups via data breaches, such as in the “RockYou2021” leak of 8.4 billion password entries.
Other key rules to remember around passwords: change your passwords every month, don’t use the same password for more than one account, and check whether your password has been leaked using Have I Been Pwned.
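The leak check mentioned above can be automated without ever sending the password itself. The sketch below is an added example, not code from Have I Been Pwned: it follows the service's public range lookup, where only the first five characters of the password's SHA-1 hash are sent and the matching is done locally. The network call is replaced by a hypothetical offline stand-in (`offline_fetcher`) fed with a constructed leak list so it runs anywhere.

```python
import hashlib

def split_hash(password):
    """SHA-1 the password; return (5-char prefix, 35-char suffix), uppercase hex."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}, skipping malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, _, count = line.strip().partition(":")
        if len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """How many times the password appears in the corpus behind fetch_range.
    Only the 5-character hash prefix is handed to fetch_range."""
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)

def offline_fetcher(leaked, seen):
    """Stand-in for the HTTP GET to https://api.pwnedpasswords.com/range/<prefix>.
    `leaked` is a constructed {password: count} corpus; `seen` logs each query."""
    table = {}
    for pw, count in leaked.items():
        prefix, suffix = split_hash(pw)
        table.setdefault(prefix, []).append(f"{suffix}:{count}")

    def fetch(prefix):
        seen.append(prefix)
        return "\r\n".join(table.get(prefix, []))
    return fetch

if __name__ == "__main__":
    SAMPLE_LEAK = {"fluffy2019": 1200, "password": 9000000}  # constructed counts
    queries = []
    fetch = offline_fetcher(SAMPLE_LEAK, queries)
    for candidate in ("fluffy2019", "T7#qv!Lz0p-wR"):
        print(candidate, "seen in leaks:", breach_count(candidate, fetch))
    print("sent to the service:", queries)
```

Any password that comes back with a count above zero should be treated as known to attackers and replaced, however strong it looks.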
Be Careful on Public Networks
Public networks, such as the one at your local coffee shop, are always a risk. Anybody who has hacked the network will be able to observe all the traffic flowing through it. So if any of your staff use public networks for work purposes and enter a password into a work account, you could be putting your data at risk.
To mitigate the risk, you should document cybersecurity protocols and enforce them – especially if you deploy remote workers. Also, make sure your staff is given cybersecurity awareness training so they are aware of cyber threats and understand how to identify them.
Watch out for Dangerous Links
The most common technique used by hackers is phishing. This involves sending emails containing malicious links or downloadable documents infected with malicious code that gets onto the target’s computer. It is estimated that around 3.4 billion phishing emails are sent every day. What’s more, millions of people fall foul of them – especially if they are not aware of cyber threats and how to identify phishing emails.
Most phishing emails are poorly designed, and the threat is easy to spot. However, sophisticated hackers spoof emails to make them appear as though they have come from a sender that you trust, e.g. a bank, supplier, energy company, government office, tech or retail company.
Some spoof emails will be random. For example, you may get an email that appears to originate from UPS. If you don’t use UPS – and you are alert to cybercrime – you instantly know it’s a bogus email.
But what if you do use UPS? Would you click the link without checking the authenticity of the email? Millions of people do click the link.
Before you click or download anything in an email, read the email carefully to check for spelling mistakes and poor use of language. Hackers who don’t speak English as a first language sometimes make mistakes.
The biggest indicator, however, is the sender’s address. It will not, because it cannot be, genuine. It will look odd. If you’re still not sure, contact the company through their website and ask them to verify whether the email address and the email content are genuine.
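The sender-address check described above can also be done by a mail filter or a helpdesk script. The following is an added example, not taken from any product: it compares the address in an email's From line against a list of domains your suppliers really use, and flags near-miss lookalikes and display names that claim a brand the address does not belong to. The `TRUSTED` list, the `.example` domains and the 0.85 similarity threshold are assumptions made for the illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumed allow-list: brand name -> the domain that brand really mails from.
# The ".example" names are constructed for this illustration.
TRUSTED = {"Parcel Co": "parcel-co.example", "First Bank": "firstbank.example"}

def check_sender(from_header, trusted=TRUSTED, threshold=0.85):
    """Return a list of (finding, detail) tuples; empty means nothing odd."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return [("unparseable", from_header)]
    domain = address.rpartition("@")[2].lower()
    # Genuine: the exact trusted domain or one of its subdomains.
    for good in trusted.values():
        if domain == good or domain.endswith("." + good):
            return []
    findings = []
    for brand, good in trusted.items():
        # A domain that is almost, but not exactly, a trusted one.
        if SequenceMatcher(None, domain, good).ratio() >= threshold:
            findings.append(("lookalike_domain", good))
        # The display name uses the brand while the address is elsewhere.
        if brand.lower() in display.lower():
            findings.append(("display_name_mismatch", brand))
    return findings or [("unknown_domain", domain)]

if __name__ == "__main__":
    SAMPLES = [  # constructed From lines
        "Parcel Co <tracking@parcel-co.example>",
        "Parcel Co <tracking@parce1-co.example>",
        "Parcel Co Delivery <notice@mail-delivery.example>",
        "Invoices <billing@random-shop.example>",
    ]
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "looks genuine")
```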
Keeping up with Cybercrime Trends
Hackers are constantly adapting their techniques and technologies. In addition, existing software typically develops vulnerabilities that sophisticated hackers can exploit.
Because cybercrime is an evolving problem, the requirements for being safe online are constantly changing as well. It is, therefore, necessary to keep up to date with the latest hacking techniques to watch out for.
For example, the latest scam has seen hackers use the war in Ukraine to set up fake id websites and send phishing emails asking for donations. Again, avoid performing any actions from emails if you cannot verify the sender. Providing your staff with cybersecurity awareness training is the best way to keep on top of cybersecurity. As mentioned above, the highest number of data breaches are caused by human error and the preferred method of cyberattack is through email.
If your staff is aware of cyber threats, knows how to spot them and understands what to do when they identify suspicious activity, you decrease the risk of suffering a data breach – and the potential early closure of your small business.