With more than half of midmarket companies experiencing security breaches, it's time to start being proactive about defending your digital assets.
As small- and medium-size businesses (SMBs) grow, keeping digital assets safe and secure becomes a growing challenge. More employees means more clicks on links that could launch malware attacks, and more devices connecting to your network from outside your network.
A recent Cisco cybersecurity report focused on SMBs found that more than half of medium-size companies have experienced some form of security breach; 40% of companies affected by these breaches report system downtime in excess of eight hours, and one in five say the breach ended up costing them between $1,000,000 and $2,499,999.
In other words, security breaches affecting smaller companies are both common and costly.
Too many SMBs assume their data isn’t attractive enough to cybercriminals, but it might not be the data they're after. While some data is inherently valuable regardless of an organization’s size – such as poorly encrypted customer payment card details – sometimes data itself isn’t the prize. For instance, a ransomware attack holds your data and applications hostage until a ransom is paid. Only then might you get your data returned to you and your operations back online; otherwise, your operations remain frozen, and the data captured could be made public, eroding your customers’ trust and damaging your brand’s reputation. And since many SMBs have limited IT resources, the measures they take to fend off cybercrime are often less sophisticated than they ought to be, making them even more appealing targets for cybercriminals.
Phishing schemes are becoming more sophisticated
Consider the issue of employees clicking on links that launch malware attacks, such as ransomware or spyware. Cybercriminals are becoming more sophisticated in how they present their lures, targeting not just specific industries and organizations, but also particular individuals – a technique called “spear phishing” – making malicious communications look all the more legitimate. Even a technologically savvy staff trained to be vigilant in identifying suspicious emails, texts and social media messages are susceptible to these ploys.
Cybersecurity firm Proofpoint released a report in January that suggests phishing attacks are only becoming more common, with 83% of global infosecurity respondents confirming they experienced at least one such attack in 2018. And remember: All it takes is one click from just one deceived employee. So as your business grows, so do your potential phishing victims.
More endpoints, more problems
And of course, the more employees you have, the more devices your workforce is using. Each device your employees use – think phones and tablets, commonly referred to in security terms as “endpoints” – to connect to the company network from an unsecure network, such as public Wi-Fi or insufficiently protected guest Wi-Fi, represents an exploitable security gap.
Security giant Symantec's 2019 Internet Security Threat Report notes that attacks on endpoints increased by 56% in 2018, and that its security software blocked more than 1.3 million unique attacks on endpoint devices every day.
SMBs need simple solutions for these threats
Given how prevalent endpoint vulnerability and phishing schemes are, and given that SMBs often have limited IT resources, especially in-house, you’ll want to secure your network in the quickest, easiest ways possible.
For any SMB, it’s ideal that malware prevention be automatic, not only in the way it blocks requests to malicious sites, but when it comes to software updates as well. And this service should be baked right into your internet service. As for endpoint protection, your solution should affordably cover all types devices, be they corporately paid or BYOD, Android or iOS, smartphones or laptops—literally any endpoint—not to mention simple to deploy, use and manage.
With that said, the first step in protecting your growing business’s digital assets is to keep up to date on the latest cyber threats, and to accept the fact that these days no business is ever too small not to be noticed by cybercriminals.