Think Your SMB Is Too Small for Hackers to Target? It’s Not. Take These 4 Steps to Keep Your Business SafeEditorial Team
By Ron Pelletier, founder and chief customer officer, Pondurance.
As the founder of Pondurance, I’ve sat across the table from CEOs and CIOs of many small and midsize businesses who really believe that cybersecurity doesn’t apply to them. They think their data is not valuable enough to steal. They think they’re simply not big enough to be a target.
I always tell them: This is not true.
In fact, the majority of cyberattacks are aimed at small businesses, with 55% of SMBs, having experienced a cyber-attack according to a 2020 SMB cybersecurity report. These include small manufacturers, not-for-profit organizations, and mom-and-pop companies without a lot of budgets to combat security threats and avoid business disruption. And this makes them very attractive targets for hackers to achieve financial gain.
It’s the major events you read about in the headlines—the multimillion-dollar attacks on Colonial Pipeline, Acer, and others—but most cybercriminals would rather launch successful attacks on a large number of SMBs than spend weeks or months trying to crack a multinational corporation. This is simply because there is a greater opportunity for success against SMBs.
So what can you do to keep your business safe from hackers? If you own a small or midsize business, here are four strategies you can follow to best protect yourself from cyber threats and reduce your risks—without breaking your budget.
1. Minimum Security is Better than no Security
The good news is that it doesn’t take millions of dollars to keep your business safe from hackers. You can create an affordable, minimally viable security posture that is still effective. The reality is that most cyberattacks are purely opportunistic. Bad actors are constantly scanning the internet for any kind of weakness that they can exploit.
If you can be just good enough, you’ll probably be OK in the long run to ward off attacks of opportunity. Think about it this way: If you and another person are running through the woods being chased by a bear, you don’t have to outrun the bear, you just have to outrun the other person. In a lot of ways, achieving minimally viable cybersecurity is like that.
2. Don’t Over-engineer Your Cybersecurity
Some companies go to the opposite extreme to keep their businesses safe from hackers. They throw the kitchen sink at the cyber problem and load up on all the latest tech. But this usually doesn’t work on its own. If the people in your organization don’t know how to properly wield the sophisticated tools you’ve purchased, or don’t have the proper training, they won’t be able to thwart serious threats when they arrive.
It’s like having a gun. If you don’t know how to use it properly, it won’t do anything to protect you. And it could actually end up doing more harm than good. Technology is the same. Many organizations splash out on the latest cyber tools, but they don’t have the right team of people in place to support those tools or properly tune them. Often, they don’t even have the right tools for the job. You don’t want to be in a position where you are using a sledgehammer to put a tack in the wall. Or, worse, using a feather to erect a steel beam.
3. Maintain the Human Touch
When it comes to cybersecurity, don’t rely strictly on automation. A lot of companies do. They believe that humans can be removed from the equation and replaced with technology, often because that’s what vendors tell them.
Yes, technology is great for managing certain processes and correlating disparate events. But to find and stop nefarious attacks, you need more than fancy tools. Crafty human attackers will find ways to get around security tech, so you need other humans to thwart them. Human intervention can be the difference between swift containment and grave consequences.
You should have a smart team supported by good technology. This is the most effective defense. I learned this when I was in the military. The U.S. Army, for instance, is now developing high-tech exoskeleton suits. These aren’t meant to replace soldiers; they’re meant to make soldiers stronger and more effective in the field of battle. You should never forget about the importance of the human element in detecting and deterring cybercriminals.
4. Beware of Cyber Opportunists
Just because an organization says they do cybersecurity doesn’t mean they do it well. Be careful who you choose to work with for keeping your business safe from hackers. There is a great unmet need for cyber services and a lot of people are over-promising and under-delivering to capitalize on this growing opportunity. Be sure that the people and vendors you bring in to help build and manage your cyber program actually have the credentials, competencies, and track record to get you where you need to be.
Finally, keep in mind that any cybersecurity program has to remain dynamic. You should never grow complacent. You need to constantly evaluate what systems and processes you have in place today—and what you’ll need tomorrow—to remain one step ahead of the bad actors. By staying on top of your cybersecurity, you can greatly reduce your chance of being attacked and better protect your business. Because all it takes is one breach to cause serious damage, or even close your doors for good. And just because your business is small relative to large enterprises doesn’t mean that the target on your back is any less.
Ron Pelletier is the original Founder of Pondurance, having started the company from his basement in 2008. Ron has over 25 years of cyber security advisory experience. He started his career as an officer in the US Army, followed by nine years with Big Four firm, EY. As a strong consensus builder and customer advocate, Ron is focused on evangelizing the Pondurance brand as well as customer success.
Smart Hustle Resources:
Your Small Business Will Get Hacked: Why You Should Care and How to Prevent It
Protecting Your Small Business from Social Network Threats
How You Can Avoid Social Engineering Attacks On Your Business