Cybersecurity Breaches and Small Business: A Matter of If or When?

By Vince Tinnirello

Cybersecurity breaches are a daily news item these days. The most recent breach of Equifax has affected millions of Americans. You can see if you were personally affected by this breach by going here:

Check with Equifax

While we’ve almost become immune to the hacks of big businesses such as Target, Home Depot, and Equifax, little attention is being paid to cybersecurity breaches in small business. At Anchor, we very often hear clients say, “I have no data of value to hackers.” To the contrary, most SMBs (small and medium-sized businesses) have everything a hacker wants. Whether it’s actual data, access to network resources to implement ransomware, or password tracking, SMBs are attractive targets to hackers.

According to research by IBM, the total cost of security breaches in 2014 was $5.85 million, and this year it’s expected to be over $7 million. What we’ve learned is that no network is completely safe, and that corporations of all sizes are vulnerable and defenseless. Expensive data security systems don’t faze today’s hackers. A survey by IBM last fall of 2,400 IT professionals found that 73% of respondents didn’t have a formal incident response plan, and 66% weren’t confident in their firm’s ability to recover from an attack.

At Anchor, a common question we hear from clients is, “We’re protected, right? We have a firewall and antivirus” or, “Don’t we pay you to protect us from these threats?” The reality is no, you are not protected simply by having a firewall and antivirus. Answering the “Don’t we pay you to protect us” question is equally straightforward. No IT department or firm can guarantee protection from security breaches. There is no silver bullet, no single technology solution that can prevent security breaches. Consider the large corporations that have been hacked, all of which had expensive IT security and were still breached.

Most cybersecurity breaches don’t happen by hacking through a firewall; rather, they happen by tricking employees. That’s right, most breaches are a result of an employee clicking on a booby-trapped attachment or link in an email that appears to be from a legitimate source. The hacker then has the ability to infect the network with ransomware or the WannaCry virus, or to steal username and password information or proprietary data. Simply put, when you open the front door and let the criminal in, no security system or tool can stop it. Social engineering is the tool of choice for today’s hacker, and it’s having a devastating effect.

What can SMBs do to protect themselves beyond the traditional foundational security measures of antivirus and a firewall? Educate your employees, and utilize social engineering tests such as email phishing tools to test employees and their risk of opening suspicious attachments and links. Provide safe computing classes for all company personnel. Complete regular network audits looking for vulnerabilities. Have a solid backup and disaster recovery system in place in case an employee inadvertently infects your network with ransomware. Have a plan in place for when, not if, a breach occurs. In today’s business environment, knowing what to expect and having a plan to remediate is vital to the continuity of business operations for SMBs.

For details about Anchor’s premium security services offering, please contact us at 303-904-0494.