Cyber attacks have become an increasingly common for individuals, governments and businesses. Small businesses are particularly vulnerable. In fact, 35% of SMEs in Singapore were attacked by ransomware in 2016. Furthermore, only 1 in 10 SME directors felt very confident that they could stop an attack. With that said, how worried should you be about cyber security threats to your small business? And what steps should you take to protect your company?
Understanding the Threat: What Are Ransomware and Phishing?
In 2017, 2 in 5 cyber attacks were on SMEs. Most of these attacks come in the form of ransomware or other malware via phishing. Phishing is a method that cyber criminals use to obtain sensitive information from an individual or organisation. Obtaining this information allows attackers to deliver malware, such as ransomware, which inhibits various computer and network functions until a sum of money has been paid to the attacker. Phishing comes in a variety of forms. For example, many attacks target individuals or businesses by sending emails that appear to be sent from a colleague or client. Attackers have become savvy at gathering personal information to make their phishing attempts more inconspicuous.
How Expensive Are Cyber Threats?
Cyber attacks can be very costly for SMEs. Approximately 21% of small and medium sized businesses attacked by ransomware were forced to halt their operations and 11% lost revenue. Still, while ransomware can be deadly for a small business, the amount demanded by attackers is not typically very high. For example, an estimated 93% of ransomware attacks demanded S$10,000 or less.
Instead, most businesses in Singapore report that the release of confidential information is the greatest risk associated with cyber attacks for their companies. This is most common to those that do not pay the ransom demanded from their business; approximately 33% of businesses that did not pay the demanded ransom end up losing data. Additionally, businesses are often hurt by the amount of downtime forced upon their operations or website. For example, 15% of attacks resulted in downtime of more than 1 day, which can be quite disruptive to any business, and particularly damaging to businesses that heavily rely on network capabilities for their business operations.
Affordable Precautionary Methods
Clearly, cyber attacks are a serious threat to small businesses and require SME directors owners understand and implement property cyber security measures. Some companies will have the luxury of hiring cyber security experts or purchasing expensive software packages to protect themselves from cyber threats. However, for small businesses that are fighting to stay afloat it may seem cost prohibitive without financing to protect their business from ransomware and other threats. Luckily, the vast majority of attacks that have been experienced by SMEs can actually be stopped with simple precautionary measures.
When it comes to easy ways to ward off cyber threats, it is important to continually make software and operating system updates in order to protect your business. This is because many cyber criminals specifically target the vulnerabilities of outdated software that tend to be exposed when new software is introduced to protect security gaps.
Secondly, it is important to train employees about the variety of phishing email threat and to never open suspicious email attachments or download unknown applications. Some small businesses even test their own employees with mock phishing emails to see if employees are able to discern between safe and potentially dangerous emails. One study found that these simulations can yield up to a 37% return on investment, a pretty good result for a low cost endeavor. Additionally, experts recommend that businesses keep backups of their files on a storage device that is not accessible to cyber attacks. It is also possible to find affordable antivirus software packages.
Parting Thoughts: Diligence and Common Sense
While ransomware and other cyber threats can be debilitating for small businesses, most SMEs do not need to break the bank in order to properly protect their business. In fact, with proper planning and training small businesses can provide their employees with the necessary tools to defend against most threats.