Small to midsized businesses (SMBs) account for 99 percent of all businesses in the U.S., employing nearly 60 million people and generating 44 percent of the country’s gross domestic product. However, these economic powerhouses are increasingly vulnerable to a variety of cyber threats. Here are five common mistakes SMBs make that contribute to their exposure:
False Sense of Security
The myth persists that smaller businesses are generally safe from cyberattacks because hackers are looking for a bigger score. It helps explain why more than 40 percent of SMBs report they have no cybersecurity defense plan in place. In truth, SMBs are inviting targets because they lack the advanced security measures of enterprise organizations. According to a 2019 Ponemon Institute survey, more than three-quarters of all U.S. small businesses were attacked last year.
In addition to underestimating their risk, SMBs also misjudge the consequences of an attack. Although most SMB leaders estimate the cost of a data breach to be around $10,000, research shows that actual costs are closer to $150,000.
Lack of Awareness
Security awareness training helps employees learn to identify, avoid and respond to threats. However, a recent study from Proofpoint paints a disturbing picture of the lack of security awareness in most organizations. It found that more than two-thirds of end users don’t even know what ransomware is, much less how to identify it.
Part of the problem is that awareness training tends to be infrequent and unimaginative. In a recent Osterman Research study, almost 90 percent of employees said they believed their awareness training was ineffective because the training materials were dry, boring, poorly written or irrelevant.
Failure to Update
Many organizations tend to put off updates and make do with aging applications and operating systems because people have become comfortable with them and they seem to work just fine. However, the lack of critical updates and security patches carries significant risk. The Department of Homeland Security estimates that about 85 percent of all data breaches involve unpatched software.
Given the intertwined nature of today’s software systems, it has never been more important to ensure that critical programs are continually updated and secured. Much of today’s software is built on layers of pre-written code, scripts and web services pulled from open-source software libraries. A problem with one app can create vulnerabilities throughout the IT stack.
Poor Data Protection
Robust backup practices ensure data, files, applications and other resources can be reliably accessed in the event of ransomware attacks, system outages and a variety of other risks. However, one recent study found that more than 20 percent of SMBs have no data backup or data protection solution in place.
Even companies that perform regular backups are at risk. Sophisticated malware can move laterally through a network, encrypting data on all network-attached storage and other backup devices connected to the network. Having at least one copy of the company data isolated in the cloud or in an offsite location provides an important safeguard against such threats.
More than 80 percent of all confirmed data breaches can be traced to compromised passwords, according to Verizon’s 2020 Data Breach Investigations Report. However, convenience trumps caution for most users, which is why they tend to choose passwords that are easy to remember — and easy to guess. For seven years running, “123456” and “password” have ranked among the most commonly used passwords in SplashData’s annual survey. Today’s brute-force cracking software and hardware can unscramble those passwords in seconds.
Research indicates phishing attempts and password hacks have increased by upwards of 300 percent during the pandemic. Millions of Americans are working from home, and they now need even more passwords than usual to access an array of company resources, applications, websites and cloud services.
How RMM Can Help
Limited resources, staff and budget all make it difficult for SMBs to keep pace with the continually evolving threat landscape, but a managed services provider with broad security expertise can provide an edge. RMM Solutions has invested in the tools and talent to implement and manage comprehensive cybersecurity solutions. Call us today to schedule a complimentary security assessment and learn how we can help you minimize your risk.