If the recent cyber attacks have taught us anything, it is that most people are dangerously unprepared for them. Cybersecurity should be at the forefront of virtually every industry, yet it is often treated as an afterthought.
Small businesses are in a particularly disadvantaged position. Even so, many are unaware of the dangers they are already facing. The truth is that an estimated 43 percent of cyber-attacks target small businesses, so there are many lessons to be learned here.
1. Attacks are random and unpredictable
Cyber-attacks cannot really be predicted, unless we are talking about very specific targets that constantly come under fire. In regards to small businesses, however, cyber-attacks do not have specific patterns and can pretty much come at any point.
Let us take the WannaCry ransomware as an example. On the 12th of May 2017, within the course of a single day, the WannaCry ransomware was released into the wild and managed to infect more than 230,000 computers worldwide. In the end, the number rose to more than 300,000.
Even high-profile companies and organizations such as FedEx and the UK’s National Health Service were victims of the attack. No one expected the attack and if it wasn’t for the accidental hero who managed to stop its spread, a lot more computers would have been infected.
You may be familiar with the phrase “eternal vigilance is the price of liberty.” The phrase could easily be modified to “eternal vigilance is the price of cyber-security.” When attacks are this random, they should always be expected.
2. Do not assume you are safe
Nowadays, privacy is at a premium. Learning how to protect your privacy and security is a vital skill. If you are a small business, you also have the responsibility of protecting your users.
Perhaps the most common mistake by small businesses in regards to cyber security is that they assume they will not be attacked. For instance, some believe that they are too small to be of any concern to hackers.
This, however, is not always a correct line of thinking. In fact, plenty of hackers specifically target small businesses exactly because they are small. Hackers know that many businesses will not protect themselves against cyberattacks and so they consider them easy targets.
Even security experts with years of experience and exceptional technical expertise cannot predict when and where the next attack will strike. Any business could be affected, particularly those who believe themselves to be safe without actually doing anything about it.
3. Treat the cause and not the symptoms
Preventing a cyber-attack is a far more logical process than attempting to treat its symptoms. For those affected by WannaCry, for example, there is no good course of action: the encrypted files are not recoverable, and paying the ransom is inadvisable and is extremely unlikely to have any success.
As far as all cyber threats are concerned, prevention is vastly superior to treatment. What prevention means, however, will vary widely across small businesses, depending on how they wish to approach potential issues.
For example, many will be content with simply putting up security measures in place and having a decent IT team to install security patches and other defensive mechanisms. Others, however, will want to go a step further and be proactive in their defense.
This might mean continuous monitoring to detect potential threats and constantly testing their systems by making use of external cyber-security teams. Of course, all of these can be expensive processes, so you will need to balance your budget against potential threats.
4. Do not neglect security
This point is so important that it merits constant repetition. Security should not be neglected for any reason, including budget-related concerns. While it is certainly understandable that keeping an IT team or upgrading equipment is a major hassle, neglecting security may well result in catastrophe.
You may think that downtime is unbearable, but losing important files or having customer records leak is, without a doubt, a worse fate. Some of the computers infected with WannaCry were still running Windows XP, for example, despite the fact that extended support for the OS ended more than three years ago.
Even those who were running newer operating systems such as Windows 7 had neglected security for one reason or the other, resulting in unpatched systems that were obviously vulnerable to the cyber-attack.
5. You may be a stepping stone to something larger
If your corporate associates are huge enterprises and you hold data which could be considered sensitive, or if your business has a way to access such data or other important information, then assume you may be targeted soon.
While some large corporations will set up security for their smaller partners, in the majority of the cases they expect their partners to take care of such matters themselves. In fact, you may even be held responsible if information is leaked.
Of course, these are matters that should be discussed and arranged with any corporate partners you have, regardless of how big or small they are. Protecting all data you have access to, however, should be standard practice.