How Small Businesses Fall Victim to Cyber Attacks
Cyber attacks are on the rise, and no business, big or small, is immune to the devastating financial loss that a cyber attack can cause. So, let’s discuss a few aspects of cyber attacks to look out for, including:
- What is phishing?
- Why is it a problem?
- Why are small businesses targeted?
- How can your business prevent becoming the victim of a cyber attack?
Let’s dive in.
What is Phishing?
Phishing is an ever-growing concern defined as the “technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a website, in which the perpetrator masquerades as a legitimate business or reputable person.”
According to Brenda Jo Robyn, founder of Competitive Edge Insurance, phishing is “any activity that compromises your organization’s security.”
For more on phishing, read our article: “Why Is Phishing the #1 Thing Killing Small Businesses?”
Why is Phishing a Problem?
Let us provide an example of the dangers of phishing.
On February 5, 2021, according to The Pew Charitable Trusts, “a plant operator for the city of about 15,000 on Florida’s west coast saw his cursor being moved around on his computer screen.”
The cursor continued to move, “opening various software functions that control the water being treated [and boosting] the level of sodium hydroxide—or lye—in the water supply to 100 times higher than normal.”
The consequences of this breach could have been deadly had it not been caught immediately, as lye poisoning can result in:
- Burns
- Vomiting
- Severe pain
- Bleeding
While most cases might not involve the extremes of lye poisoning, this example shows the severity of phishing today. As a result, governments, states, businesses (big or small), and individuals should act accordingly to strengthen their cybersecurity efforts.
Why Do Data Thieves Focus on Small Businesses?
The consequences of a cyber attack on a small business are particularly severe. 60% of small businesses that have been hit by a cyberattack end up shutting down within six months of the attack.
Despite the irreversible aftermath of falling victim to a cyber attack and the fact that 43% of online attacks are now aimed at small businesses, CNBC reports that only 14% are prepared to defend themselves.
Interested in some more statistics?
- 20% of small businesses have experienced a cyberattack in the last two years.
- Last year there was a 424% increase in small business breaches.
- The median ransomware payment is up 52% to $71,664.
- On average, businesses experience 22 days of disruption as a result of a ransomware attack.
Cyber attacks are not only extremely expensive to recover from but they also damage your business’s reputation and productivity, and can even be dangerous in the event of personal data being stolen.
This is why it is crucial to protect your small business from cyberattacks. But how can you protect yourself? What can the Florida plant case study teach us?
How Can You Prevent Phishing?
Luckily, there are measures you can take to prevent phishing as a business owner. Let’s discuss some options.
Training
- Training your employees: Teach them to be vigilant, and educate them on common phishing traps, email scamming tactics, and how to send data securely. (In the Florida case study mentioned earlier, the employee who noticed the breach reported it immediately.)
- Training IT: Make sure they know what to look for.
Be sure to document your training and review it on a weekly or quarterly basis with employees and staff.
Due Diligence
Ensure your business is conducting thorough, routine cybersecurity due diligence.
According to Security Scorecard, cybersecurity due diligence is “the process of identifying and addressing cyber risks across your network ecosystem.” Doing so provides “insights into potential gaps in network security so that they can be addressed before they are exploited by cybercriminals.”
For those who are interested in seeing where their business is in terms of safety, read on to learn how you can measure your company’s cybersecurity risk.
Have a Planned Crisis Response in Place
When it comes to cyber risk, there’s nothing worse than being ill-prepared. Of course, we couldn’t write about cyberattacks without mentioning investment in a cyber liability insurance policy for your business.
A cyber liability policy might include:
- Data Breach Coverage
- Business Interruption Loss Reimbursement
- Cyber Extortion Defense
- Forensic Support
- Legal Support
- Coverage beyond a General Liability Policy
As a small business, you must be prepared—because the consequences can be insurmountable. Interested in learning more about cyber insurance and why you need it? Read on in our article “Why Does My Business Need Cyber Insurance?”