Often, small-to-medium-sized businesses (SMBs) think they are safe from cyberattacks because the criminals are only interested in the “big corporations.” Sadly, nothing is further from the truth. The notorious ransomware group Akira has been actively focusing on SMBs, which represent 80% of its victims. The group’s ransom demands have ranged from $200,000 USD to over $4 million USD. However, this one group is far from the only culprit – experts estimate that in the last several years, 56% of all ransomware attacks have been against SMBs. (Source) So, how can your business effectively protect data?
Why are SMBs Attractive Targets?
In general, SMBs have less IT support and weaker security procedures. Cybercriminals also target SMBs to locate points of entry into larger organizations that they partner with. Multiple SMB breaches have escalated into large-scale attacks on major companies, including AT&T and Chick-fil-A.
A successful attack can result in significant damage. According to IBM research, the average cost to recover from a data breach in 2023 was $4.45 million, a 15% increase over the previous three years. Indirect costs can also be overwhelming for smaller organizations. Breaches can destroy trust and undermine goodwill and reputation. Sadly, even when the ransom was paid, nearly 40% of companies suffered permanent data loss.
What Happens if the SMB Doesn’t Pay?
If the company refuses to pay, the hackers threaten to expose names and confidential data.
What Can SMBs Do to Protect Data?
According to the National Institute of Standards and Technology (NIST), SMBs can reduce organizational risks by:
- Tightening up access to network and data
- Developing formal policies
- Encrypting sensitive data at all stages
- Installing network firewalls with integrated security
- Continuously monitoring for unauthorized access
- Performing routine backups
- Developing response and recovery plans
Protect Data with Robust Password Protocols
While the above can help minimize unauthorized access, 98% of cyberattacks start with threat actors accessing an end-user’s valid passwords, allowing them to bypass these security measures. So, it is vital to focus on robust password policies and block known compromised passwords.
Enforcing a policy that encourages end-users to formulate stronger passwords and blocks the use of weak and common phrases will make it more challenging for hackers to gain access. However, this is likely still not enough. Password breaches are typically successful because humans are predictable. They not only reuse passwords, but they also default to familiar patterns when creating passwords to meet the complexity requirements.
For example, they may use the password they always have but add an extra number or symbol to meet complexity rules. These variations are easy for password-cracking software to guess. Enforcing a stronger policy can help users create easy-to-remember but harder-to-break passwords.
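The check below is an added example, not part of the original article: it rejects a new password that reduces to a compromised word, or to the user's previous password, once padded numbers, symbols and common character swaps are removed. The blocklist, the substitution table and the function names are constructed assumptions for illustration.

```python
from __future__ import annotations
import re

# Constructed stand-in for a breached-password corpus (assumption for this demo).
COMPROMISED = {"password", "welcome", "summer", "qwerty", "letmein"}

# Common character swaps users apply to satisfy complexity rules (assumed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def _strip_edges(text: str) -> str:
    """Drop digits and symbols padded onto either end of the word."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", text)


def base_forms(password: str) -> set[str]:
    """Reduce a password to the root word(s) the user most likely started from."""
    lowered = password.lower()
    forms = {
        _strip_edges(lowered).translate(LEET),  # "P@ssw0rd1!" -> "password"
        _strip_edges(lowered.translate(LEET)),  # "Welcom3"    -> "welcome"
    }
    # An all-digit or all-symbol password has no root word; ignore the empty form.
    return forms - {""}


def check_password(new: str, old: str | None = None) -> list[str]:
    """Return the reasons to reject `new`; an empty list means it passes."""
    reasons = []
    forms = base_forms(new)
    if forms & COMPROMISED:
        reasons.append("based on a known compromised password")
    if old is not None and forms & base_forms(old):
        reasons.append("variation of the previous password")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs: (candidate, previous password supplied at change time).
    samples = [("Summer2024!", None), ("P@ssw0rd1!", None),
               ("Tulip-Harbor10!", "Tulip-Harbor9"),
               ("correct-staple-violin", "Tulip-Harbor9")]
    for candidate, previous in samples:
        print(candidate, "->", check_password(candidate, previous) or "accepted")
```

The comparison with the previous password assumes the user supplies it in cleartext during the change, since only a hash should be stored.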
In addition, multi-factor authentication minimizes the risk of account breaches by applying an additional layer of protection. Even if passwords are compromised, unauthorized personnel won’t be able to gain network access without a second authorization – such as a mobile push notification. While sometimes annoying to authorized users, these measures help to reduce the incidence of hacked credentials and brute-force password theft.
Managed Services Can Help You to Protect Data
As stated above, SMBs are often the target of hackers because they lack the internal resources necessary to maintain their security protocols. The threat landscape is continually changing, and it is nearly impossible for a small IT department to remain up to speed on all of the latest tricks being employed by criminals.
Alliance IT is a managed services firm that acts as an extension of your IT department, giving you access to IT professionals who live and breathe data security. Let us show you how to protect your data without having to hire in-house resources or expend limited resources. Our team is your team – and we are committed to your data protection.