Ever since the pandemic, cyber attacks have been a growing concern for every small and medium-sized business (SMB). One reason is that many employees now work from remote or hybrid environments. Your attack surface expands as more people connect to your business from a distance and from different devices. What’s an attack surface? It’s the sum of all points where a hacker might infiltrate sensitive systems, networks, and databases.
Rising data breach impact and costs
A cyber attack is more than just an inconvenience. Even a single isolated incident can significantly impact your company’s bottom line. The most recent IBM Cost of a Data Breach report states that organizations with less than 500 employees reported that the average data breach cost was $3.31 million. Even worse, businesses increasingly experience multiple attacks over time.
Some business owners believe that SMBs are too small to be noticed by hackers. However, a new report shows the exact opposite. Small businesses are three times more likely to be targeted by cybercriminals than larger companies. One reason is that SMBs typically have weaker network security, making it easier for criminals to infiltrate their networks.
Why some SMBs don’t adopt strong cybersecurity
Despite these worrisome statistics, many small and medium-sized businesses still don’t pay enough attention to their cybersecurity strategy. Some company leaders might feel it’s too complex. Or they may worry that tight budgets preclude any improvement in their cybersecurity posture. Meanwhile, others might not know where to improve their cyber defenses.
A data breach has significant impacts (direct costs, operational delays, damaged reputation, loss of customer confidence, etc.), and all organizations should prioritize cybersecurity. Even the White House has acknowledged the urgency of digital security and has responded with increased funding for cybersecurity initiatives nationwide. The good news for SMBs is that effective and affordable ways to improve cybersecurity are available.
5 best methods used for cybersecurity
The five best methods used for cybersecurity from an effectiveness and cost standpoint include:
- Multi-factor authentication – With MFA, online service access (like email) requires a combination of two or more authenticators to verify a user’s identity. Common authenticators are SMS text messages, numeric codes sent via smartphone apps, push notifications, and physical security keys. You should also apply MFA to your password manager account.
- Cyber awareness training – Employers can train employees to spot malicious activity, such as phishing emails. Training can include sending fake phishing emails to determine how well employees spot these attacks.
- Security software updates – Implement automatic security updates to ensure all software can account for new vulnerabilities. And verify your antivirus software regularly.
- Data backups – Ideally, all critical files should be backed up in a separate geographic location, in the cloud, and in external hard drives or USB flash drives.
- Router security – Update all routers with your own network name and unique, strong passwords. Also, disable the remote management function.
Leadership must champion cybersecurity efforts
When company leaders emphasize the importance of cybersecurity, the message is more likely to stick. In certain contexts, the CEO’s backing plays a pivotal role.
For instance, business leadership should refrain from relying on the IT team to convince busy staff members to implement stronger security measures, such as multi-factor authentication. Instead, executives should take the initiative to communicate the importance of MFA to employees. Leaders should actively review reports regarding MFA adoption and take action when adoption lags. This approach fosters a security-oriented culture that starts at the highest leadership level.
Prevent cyber breach and stay competitive
Today’s threat landscape has made it clear that cybersecurity is a core business strategy. A proactive security stance helps avoid situations like ransomware, which can bring an organization to its knees. When company leaders explicitly designate the proper level of importance to security, the rest of the organization will follow. Methods such as MFA and security awareness training go a long way to prevent a cyber breach.
The Cybersecurity and Infrastructure Security Agency (CISA) is the operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience. CISA provides practical advice about how to bolster your cyber security. You can learn more about CISA’s cybersecurity resources for small and medium-sized businesses here.
This article is for informational purposes only. Neither Valley National Bank nor any of its affiliates makes any representations or warranties, express or implied, as to the accuracy or completeness of the statements or any information contained in this document and any liability therefore is expressly disclaimed.