Keys include ongoing employee education and avoiding settling for a short-term ‘patch’.
Small-Business Strategies for Fending Off Cyber Pirates
In recent months, so-called cyber pirates have penetrated the firewall of U.S. government offices, large corporations’ secure connections and even the cell phone of the world’s richest man, Jeff Bezos. What chance do small businesses have against such online marauders?
Hackers know that most small businesses are surfing the internet virtually unprotected when it comes to online security. Although hackers attack all kinds of targets, they make a killing on small companies that often do not have the resources or technical knowledge to safeguard their sensitive digital data.
Of all small and medium-sized businesses, during 2018, 67% were victims of a cyber attack, and 58% suffered a data breach. Even so, 47% of those companies admitted that they had no idea how to protect themselves from cyber threats.
Industry experts estimate that cybersecurity incidents will end up costing businesses several trillion dollars in the next five years alone. The Hiscox 2019 cyber report declares that a cyber attack’s average cost has skyrocketed from $34,000 to just $200,000 per individual incident. Many small businesses cannot hope to recover from such a costly incident.
Laura Sánchez and José Luis Tirado, owners of Chicago-based SWATware LLC, a small company dedicated to network security, advise businesses to invest in a security strategy and technology that protects them from hackers.
“The cost of protecting a business is much less than that of recovering from a cyber attack,” said Tirado. “Simply put, if owners invest in good security as soon as possible, they will not have to pay more if a hacker breaks into their computer.”
“Small businesses attract hackers, as the vast majority of owners lack the tech know-how to protect their business or consider protecting their networks to be of little importance,” said Sanchez. “Many people imagine hackers going after big banks or large companies, but that is not the case. Cyber criminals know that banks and large companies have a team of specialized people protecting them.”
For those reasons, hackers to target construction companies, restaurants and other small businesses where employee information, bank accounts and other sensitive data are easily obtainable, Sanchez said.
During the Covid pandemic, business’ vulnerability to online mischief has increased. “Hackers know that business not only do not have a protection strategy,” said Tirado, “they also have their people working remotely, leaving many holes open for cyber criminals to exploit.”
Security specialists estimate that, in many cases, small businesses do not have enough security technology in place. Moreover, if they do get it, they usually implement it without a strategy, just patching the issue instead of implementing a long-term solution.
“Some people say, ‘I’m not in the tech business, I don’t need so much technology,’” said Sánchez. “However, in our opinion, all people must understand that tech is not only an extra tool for their business but a basis that allows to operate and let it grow.”
Adding to the problem: “Some IT companies are very busy,” said Sánchez. “Therefore, they cannot possibly meet with customers to create optimal cybersecurity strategies. They are just rolling out patches that, ultimately, leave security holes.”
As an example, they mentioned the cyber crime of “phishing,” a type of scam that uses e-mail to obtain sensitive information (such as bank accounts). “Hackers send the same message to thousands and thousands of accounts, asking to correct some data, saying that there are problems with some records,” said the specialists. “A person who falls for this provides information that allows hackers access to their accounts and servers.”
Sánchez and Tirado shared two essential steps to keep a company safe: First, select an information technology company to perform a diagnosis of the business’ tech state. Then, create a strategy based on the diagnosis’ results. The second is to educate the employees.
“Many companies say that the main security problem is the user base who do not take care when surfing on the web. That’s not true,” said Tirado. “The real problem is that IT companies do not educate their user base to identify these types of risks and vulnerabilities.”
(Translated and edited by Mario Vázquez. Edited by Matthew B. Hall)