Every year, cybercriminals launch attacks with a higher level of sophistication than those from the previous year. The sad truth is that it’s often lax or incorrectly set up security measures that enable most breaches. This is especially true when it comes to small and mid-sized businesses (SMBs).
Small business owners are typically fully focused on growing the company and often don’t prioritize security measures. They may be just. They think they have a lower data breach risk. Or they may think it’s an expense they can’t bear.
But network protection is not only a concern for large corporations. It's a critical issue for small businesses as well. SMBs are the target of the vast majority of cyber-attacks, due to the fact there are so many more of them than huge conglomerates. They are seen as attractive targets for cybercriminals, due to vulnerabilities.
Over 50% of SMBs have been victims of successful cyberattacks. Over 60% of those attacked go out of business afterward.
Most data breaches are the result of human error. But that is actually good news. It means that improving cyber hygiene can reduce the risk of falling victim to an attack.
Are You Making Any of These Cybersecurity Mistakes?
First you need to identify the problem(s), then you need to address them. Often the teams at SMBs are making mistakes they don’t even realize. Here are some of the biggest reasons small businesses fall victim to cyberattacks. Do any of these sound familiar?
- Underestimating the Threat
One of the most critical mistakes SMBs make is underestimating the threat landscape. Many business owners assume that their company is too small to be a target - a dangerous misconception.
For several reasons, cybercriminals see small businesses as low hanging fruit, figuring that the company lacks both the resources and expertise to defend against attacks. It's essential to understand that no business is too small for cybercriminals to target. On the lowest end of the ‘crook spectrum’ unsophisticated criminals hit smart phone users for a few hundred dollars. Being proactive in cybersecurity is crucial.
- Neglecting Security Awareness Training
When was the last time you had your employees go through Security Awareness Training? Small businesses often neglect this critical training for their staff. Owners assume that they will naturally be cautious online. Not even with the best of intentions.
A joint study from Stanford University Professor Jeff Hancock and security firm Tessian (now owned by Proofpoint) revealed that 9 out of 10 (88%) data breach incidents are caused by employees' mistakes – like clicking on malicious attachments or links in phishing emails. These happen because employees have not been trained to recognize signs that should put them on high alert.
Security Awareness Training helps them:
Recognize phishing attempts
Understand and the importance of strong passwords and how to develop them
Be aware of social engineering tactics used by cybercriminals
- Using Weak Passwords
The world’s most common password, and the easiest to crack is: ‘123456.’ Seriously. It edges out the word ‘password’ as most foolish logon credential to use. Weak passwords are a common security vulnerability everywhere, but especially in small companies. Many employees use easily guessable passwords AND reuse the same weak password for several accounts. This leaves your company's sensitive information exposed to hackers.
People reuse passwords 64% of the time.
Encourage the use of strong, unique passwords. For tips, please refer to our page ‘Creating Strong Passwords' on this site. Also consider implementing multi-factor authentication (MFA) wherever possible. This adds an extra layer of security.
- Ignoring Software Updates
While your employees are your first line of defense, security patches and updates are the second. Failing to keep software and operating systems up to date is another mistake. Cybercriminals often exploit known vulnerabilities in outdated software to gain access to systems. Small businesses should regularly update their software to patch known security flaws, and these updates can be set to be done automatically. This includes operating systems, web browsers, and antivirus programs.
- Lacking a Backup & Disaster Recovery Plan
Small companies often do not have a written Backup & Disaster Recovery plan, and that is a huge mistake. They might mistakenly assume that data loss won't happen to them (yeah, good luck with that). But data loss can occur due to various reasons. This includes cyberattacks, hardware failures, or human errors.
Regularly back up your company's critical data. Test the backups to ensure they can be successfully restored in case of a data loss incident.
- Lack of Formal Security Policies
SMBs often operate without clear policies and procedures. With no clear and enforceable security policies, employees may not know critical information, like how to handle and protect sensitive data or how to use company devices securely or respond to security incidents.
Small businesses should establish formal security policies and procedures – even if you only have 3 or 4 employees. Communicate these to all employees. These policies should cover things like:
- Password management
- Data handling
- Incident reporting
- Remote work security
- And other security topics
- Ignoring Mobile Security
Mobile devices are historically a weak point in a company’s protections. As more employees use mobile devices for work, mobile security is increasingly important. Small companies often overlook this aspect of cybersecurity.
Put in place mobile device management (MDM) solutions. These enforce security policies on company- and employee-owned devices used for work-related activities.
- Failing to Regularly Watch Networks
SMBs may not have IT staff to watch their networks for suspicious activities. This can result in delayed detection of security breaches. Anyone making this mistake is doomed to learn about threats until they have already been successful.
Install network monitoring tools. Or consider outsourcing network monitoring services. This can help your business promptly identify and respond to potential threats.
- Having No Incident Response Plan
This is a smaller part of a Backup & Disaster Recovery plan. In the face of a security incident, SMBs without an incident response plan may panic. They can also respond ineffectively or do the exact wrong thing.
Develop a comprehensive incident response plan. One that outlines the steps to take when a security incident occurs. This should include communication plans, isolation procedures, and a clear chain of command.
- Thinking They Don’t Need Managed IT Services
As cyber threats continue to evolve and increase, new attack techniques emerge regularly. Small businesses often have a hard time keeping up. Yet, they believe they are ‘too small’ to pay for managed IT services.
Managed services come in all package sizes. This includes those designed for SMB budgets. A Managed Services Provider (MSP) can keep your business safe from cyberattacks and save you money at the same time by optimizing your IT.
Spend the Money!
The cost of doing business has risen dramatically over the last three years, but do you know what businesses don’t have to pay those expenses?
The businesses that have folded.
Frequently Asked Questions
What is an example of a strong password?
The password used on our ‘Creating Strong Passwords' page is:
ImMLw0&23o&i5Mc
This password is based on the phrase “I married my loving wife (or husband) on August 23 08 in Santa Monica California” – using symbols as substitutes for numbers and letters, and vice versa – such as using $ for S or & for 8 and alternating between upper and lower case letters.
Running the password above through ‘Password Monster’ shows the ‘time to crack password: 9 Trillion Years,’ whereas ‘123456’ takes ZERO seconds.
How do I manage too many passwords?
The simplest way is to use a Password Manager. Every time you enter a password for the first time, it will give a prompt asking if you want saved (say yes). Then, when you return to that login page, it will offer to fill it in for you. This way, you can enjoy complex passwords, and you only need to remember ONE: the one for the Password Manager.
Wired online offers a ‘Best Password Managers’ list to give you some ideas.
How do you create a backup and disaster recovery plan?
It is best to have a qualified IT person or a firm that provides comprehensive Managed Services set these up with your input. If you are a one-person operation who wants to do this on your own, download the Cyber Essentials Starter Kit provided free by the Federal Cybersecurity & Infrastructure Security Agency (CISO), but most likely the simplest way to back up your data is with an external hard drive that is ONLY connected to the computer when the backups are performed. If a virus or ransomware infects your computer, it will find its way to your external hard drive if it is connected.
How does automated patching work?
Patch automation tools perform regular scans of an environment—or specific groups of devices—to identify which are missing patches. They can then download missing patches from individual vendors, such as Adobe, Apple, Java, or Windows.
How secure is your network?
As a reputable member of the IT Support Los Angeles community since 2002, IT Support LA offers a FREE, no-risk network and security assessment. It is a non-intrusive scan that allows us to deliver a comprehensive report that is yours to keep. No strings, and no obligation to ever use our Managed IT Services.
The best defenses are expert Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.
With our 100% Money Back Guarantee in writing, we offer a risk-free way for prospective clients to try us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.
Among the Managed IT services we provide:
IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)
IT Support LA is an award-winning Managed Services Provider (MSP):
o 3 Years awarded Best IT by the Small Business Expo
o Awarded 2nd best company of any type in the US by the Small Business Expo SB100
o Awarded Best IT Support in California by Channel Futures
o Winner of Best IT in Los Angeles by Channel Futures
o Listed as one of the world’s Top 501 Managed Services Providers by CRN and in the top 250 in the ‘Pioneer’ listing
o 4 years listed as one of the Top 501 Managed Services Providers in the World by Channel Futures
o Listed as #21 MSP in the World in Channel Futures NextGen 101
o Globee 2021 Bronze Award winner for Chief Technology Officer of the Year
o Globee 2022 Gold Award winner for Chief Technology Officer of the Year
o Named one of 2022’s 50 ‘Best’ businesses in California by UpCity
o Named one of 2023’s 50 ‘Best’ businesses in California by UpCity
o Named Best of IT Services winner by UpCity
o Winner of Local Excellence Award for 2021, 2022 and 2023 by UpCity
o Named Best of Cloud Consulting winner by UpCity
o Certified as Top Managed Services Provider and Cybersecurity Pro by UpCity
o Named Best IT Services in Los Angeles by Expertise.com.
Need Help Modernizing Your Security Strategy?
A security strategy put in place five years ago can easily be outdated today. Don’t risk losing your business because of a cyberattack. Managed IT services can be more affordable for your small business than you think.
Give us a call today to schedule a chat and take advantage of our FREE network and security assessment.
818-805-0909