You’re operating your small business in an increasingly digital world. Your customers use digital devices to stay connected with their favorite brands, including yours—they upload and download content from the internet; conduct transactions on apps; share information over email, social media, and messaging platforms. Likewise, your employees tap into data and productivity tools from both on-premise and cloud-based servers, and pass sensitive information over networks that, while secure, may be vulnerable to unauthorized access or attack.
It’s worth noting that yesterday’s paper-based and manual systems weren’t necessarily more secure. Data could be easily lost, stolen, and destroyed, and indeed, it was. Technology has simply changed the nature of the game. Risks are inherent to business—to the exchange of information—and some losses are inevitable. That’s why it’s important to keep your knowledge up-to-date and consistently fortify your approach to safeguarding your small business’s assets.
Small Biz Cybersecurity Terms To Know
The Ponemon Institute reports that cyber-attacks cost small and mid-size businesses an average of $2,235,000 in 2017. What’s more, their research reveals 60% of small businesses say attacks are becoming more severe and more sophisticated.
There are several reasons that small businesses are more vulnerable to cyber-attacks. Small businesses may lack awareness—or underestimate the prevalence or magnitude of cybersecurity threats. They may also not have the financial or personnel resources to invest in protection. But most likely, small business owners assume that criminals have “bigger fish to fry,” not realizing that small firms often offer the best gateways into the systems of the larger companies they want to target.
In order to take steps to protect your business, it’s essential to become familiar with the most common forms of cyber-attack and understand key terminology, starting with these:
Authentication – The process or action of proving that the identity of a system user is genuine or valid.
Cyber-attack – Any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.
Cybersecurity – The protection of internet-connected systems, including hardware, software and data, from cyber-attacks.
Data breach – The intentional or unintentional unauthorized movement or disclosure of sensitive information to an untrusted environment.
Encryption – The process of encoding a message or information so that only authorized parties can access it.
Keyloggers – Hardware or software that tracks keystrokes or keyboard events, usually secretly, to make them available to an attacker.
Malware – Software that is intended to damage or disable computers or compromise the operation of a system by performing an unauthorized function or process.
Phishing scam – When a scammer impersonates a trustworthy entity, such as a bank or mortgage company, via communications (e.g. email) to deceive individuals into providing sensitive information. (To learn more, explore Social Engineering Fraud: An Old Con Is Becoming a New Threat.)
Ransomware – A type of malicious software, downloaded illegally by scammers, that threatens to publish data, hold data hostage, or block access to a computer system until a sum of money is paid.
Spoofing scam – When a scammer fakes the sending address of a transmission to gain unauthorized entry into a secure system.
Spyware – Software secretly installed on an information system that enables a scammer to obtain information about another’s computer activities by covertly transmitting data from their hard drive.
Tech support phone scam – When scammers pose as a legitimate security monitoring service that has (falsely) detected a virus on a computer in order to obtain remote access to the system.
Website defacing scam – When a scammer breaks into a web server and either replaces the hosted website with one of their own, leaves a website unusable, or publishes negative advertising propaganda on the site.
For a full list of cybersecurity terms, visit the National Initiative for Cybersecurity Careers and Studies.
Small Biz Cybersecurity Stats to Know
Small business owners should note that all forms of cyber-attacks are constantly evolving, as scammers become better at finding unsecured digital entryways into systems and devising new ways to deceive unsuspecting system users. Challenged to find ever-more creative ways to use technology to their advantage, criminals remain hard at work to find ways around security software and common sense.
A recent Symantec Internet Security Threat Report reveals there has been a 92% increase in new malware variants, a 46% increase in new ransomware variants, and a 54% increase in mobile malware variants. Furthermore, there was a 600% increase in attacks against Internet of Things (IoT) devices from 2016 to 2017.
As for how cyber-attacks impact small businesses, consider these insights from survey results reported in the Better Business Bureau’s 2017 State of Cybersecurity Among Small Businesses in North America:
- More than 1 in 5 businesses reported having been the target of a cyber-attack—and almost 1 in 10 reported being a target in the last 12 months.
- About 36% of the businesses that reported being a target of a cyber-attack ended up losing money.
- 10% of respondents could not tell if they had been a target of a cyber-attack.
Here’s a breakdown of the types of data sets affected by reported cyber-attacks on small businesses:
- Password or other authentication data – 33%
- Payment data – 22%
- Software-based products or other copyrighted materials – 21%
- Customer personal data – 17%
- Other company classified material – 17%
- Bank account details – 16%
- Employee data – 16%
- Intellectual property, trade secrets – 16%
- System information – 15%
Small Biz Cybersecurity Next Steps to Know
Is it time to hire a cybersecurity expert? For larger businesses, it just may be: a Gartner survey found that while 95% of Chief Information Officers expect cyber threats to increase over the next three years, only 65% of their organizations currently have a cybersecurity expert.
Yet for small businesses that don’t have the risk profile or resources to expand headcount, it makes sense to look into antivirus and antispyware software, implement a firewall and encryption tools, and ensure a secure internet connection. Additionally, it’s critical to educate employees on best practices for protecting company hardware, software, and data so they can become part of the line of defense against cybercriminals.
For more ideas, don’t miss Top 6 Cyber Security Tips For Businesses and find out How to Help Protect Your Business from Privacy Breaches and Cyber Crime.
Businesses of all sizes should consider getting insurance to protect against losses associated with cyber-attacks. There are many different types of insurance programs in place to protect various aspects of cyber risk, so contact your local agent for details.
Acadia Insurance is pleased to share this material with its customers. Please note, however, that nothing in this document should be construed as legal advice or the provision of professional consulting services. This material is for general informational purposes only, and while reasonable care has been utilized in compiling this information, no warranty or representation is made as to accuracy or completeness.