Many small businesses have the misconception that they aren’t likely to be the target of a cyber-attack. But the data shows otherwise. In our increasingly high-tech world, cyber-criminals don’t discriminate when it comes to hacking into systems to steal information. In fact, more than 43 percent of cyber-attacks target small businesses. It’s become an all too common problem facing small businesses throughout the country. One that Mechanicsburg-based Appalachia Technologies LLC, a full-service Information Technology support and security company, sees on a regular basis and works with businesses to combat.
Small businesses are particularly vulnerable to cyber-attacks because they are operating on budgets with razor thin margins and cyber criminals know that. IT security is not cheap, but it’s becoming the cost of doing business, especially given the most recent statistics which show most small businesses that get hacked go out of business within 6 months.
“Investing in IT security is a crucial component to every business’ long-term success,” said Appalachia Technologies Cyber-Security Practice Lead Brandon Keath. “I liken it to paying for homeowners insurance. There might not be an immediate return on investment, but you’ll be glad you have it when your hot water heater leaks and causes massive damage to your basement. The same can be said for making sure your business is prepared to face a potential cyber-attack. You never know when a cyber-criminal is going to strike and try to infiltrate your system.”
What seems like a simple concept — stopping businesses and individuals from getting hacked — is in reality very complicated. As companies are becoming increasingly reliant on technology and the use of technical devices (be that a laptop, iPad, receiving e-mail on a work phone, etc.), hackers have a greater opportunity and more avenues to illegally obtain data. Also adding to the overall difficulty is the fact that technology is constantly changing and staying on top of trends is a full-time job.
Making matters worse, cybercrime is becoming a growing lucrative business. An entire underground industry has developed to feed these crimes. Criminal hackers are projected to make $1 million a year in dirty money and approximately 90 percent of cybercrimes go unprosecuted.
There are two main cyberattacks that businesses face: malware and ransomware. Malware is when cyber-criminals infiltrate a business’ network and download malicious software. Examples include: viruses, Trojans and spyware. The other is ransomware — which is actually another form of malware. In this scenario, the cyber-criminals use ransomware to take a company’s data and lock it, only agreeing to release it in exchange for a ransom. While news headlines have touted large sums of money being requested from Fortune 500 companies, small businesses shouldn’t get lulled into a fall sense of security. The requested ransoms can be as low as $50 — and small businesses are more and more becoming targets.
So what can be done to protect your business from cyber threats?
As the old adage goes, the best offense is a good defense. Taking preventive measures from the very beginning is critical to putting a business of any size on the path to success. The first step is ensuring that an antivirus is installed on the company’s computer systems and keep it up to date. The antivirus program is the first line of defense and can be the deciding factor. Malware is becoming highly sophisticated. It is now at the point where having an antivirus is the only way for the computer software/server to detect a malware threat because today’s malware is so similar to regular, normal software.
The next step is to focus on e-mail. More than 90 percent of IT security breaches begin with e-mail. A malicious Word, Excel, PDF or PowerPoint document or link can infiltrate a company’s computer network within minutes.
“It’s very rare that cybercriminals can hack into a system without someone from the inside either knowingly or unknowingly aiding some way,” Keath said. “Whether that be by clicking on a link, opening a suspicious document or using common passwords and defaults. All it takes is for one bad e-mail to bring down a company.”
In order to combat this threat, Keath emphasizes the need to create a culture of awareness within the organization.
“If you set things up right from the very beginning, it will make regular IT security and maintenance the norm,” he added. “Employees need to be regularly trained to detect phishing or scam e-mails — which are also becoming more sophisticated. Hackers will take information from Facebook or LinkedIn and use that to obtain personal information. The vast amount of data that is out there for cyber-criminals to use to their advantage is mind blowing.”
Because small businesses are operating on tight budgets, there often isn’t additional revenue available to employ someone full-time to handle IT security. But that doesn’t mean IT security shouldn’t be a priority. IT consulting companies are a way for small businesses to outsource their IT security needs.
“It’s important that a company doesn’t get lax with IT security,” Keath said. “This is an area of your business where you always have to be on high alert because it’s constantly changing and evolving.”
Founded in 1916, the Pennsylvania Chamber of Business and Industry is the state's largest broad-based business association, with its membership comprising businesses of all sizes and across all industry sectors. The PA Chamber is The Statewide Voice of BusinessTM.