Cybersecurity: The Achilles’ Heel of Small and Medium-Sized Businesses

There is no time like the present to act on your potential cybersecurity vulnerabilities. The continued growth and existence of your business may depend on it.

COVID-19 was the catalyst for vast changes in health protection protocols and global commerce, the advent of hybrid workplaces, and a sharp escalation of digital pivots.  Seemingly overnight, businesses needed to transition from physical customer and employee interactions to a digital model.

In 2020, many small and medium businesses (SMBs) adopted this “pivot-to-protect-and-survive” approach. Research from SMB Group shows 66% of SMBs started or expanded their work from home programs during the Pandemic and 65% were more likely to accelerate the pace of their technology investments1.

Now, with COVID-19 vaccinations, substantial federal stimulus rollout, and many indications that the economy is improving, there is cause for optimism among SMBs despite the rise of the Delta variant. Those that quickly pivoted to digital technologies during the pandemic are finding they can reduce costs and complement their physical customer relationships with technologies that allow them to offer an appealing digital customer experience. And they are also learning the marketing, remarketing and customer targeting capabilities today’s e-commerce and social platforms support.

With this brave new world in front of them, what could possibly go wrong for SMBs?

The answer is everything.

SMBs are among the most vulnerable to cybersecurity attacks

Cybersecurity protection is the Achilles’ heel of small and medium-sized businesses. According to a March 4, 2021 report in Security Magazine, SMBs are the #1 target for cybersecurity breaches and 60% of those whose systems are compromised close up shop permanently within a year of the attack. The risks and rising costs of cybersecurity attacks against SMBs present a serious existential threat to their businesses – and for the many other businesses they may be connected to. The digital infrastructure of small businesses is often targeted by hackers because it gives hackers a back door into the systems of larger businesses. Large retailers or other distributors of goods often have digital supply chain connections to a broad array of suppliers, many of them small businesses.

But hackers don’t target SMBs only as a pathway to bigger fish. Even the smallest businesses are often targeted. You might be surprised to learn, for example, that it’s businesses like dentists’ offices, wine shops, community centers and small manufacturers whose systems are being targeted and breached by hackers.

The reasons for cybersecurity vulnerabilities among SMBs typically boil down to a lack of understanding of the gravity of the threat, a lack of financial or technology professional resources, and inertia when it comes to taking proactive steps to shore up their cyber defenses.

As the leader of an organization focused on meeting the technology needs of SMBs and equipping them with the tools to help them protect their businesses against cyberattacks, I hear this all the time: “I’m a small business. I don’t need cybersecurity.” Research indicates this is a prevailing sentiment among small business owners: 66% of small businesses believe they will not be targeted or affected by a cybersecurity attack according to one 2019 study.

 

Even Barbara Corcoran has been hacked

Recently, I had the opportunity to sit down and chat with Barbara Corcoran, Founder of the Corcoran Group & notable ‘Shark’ on ABC-TV’s “Shark Tank.” Barbara is a hero and role model to many small business owners. Her credibility with small businesses is a gold standard. She parlayed a $1,000 investment into a $5 billion real estate behemoth, and she’s invested in more than 80 businesses to date in her role as a “Shark.”

You may assume that, when it comes to cybersecurity, Barbara has total confidence in her digital infrastructure and can share plenty of proven cybersecurity tips with other small businesses. Yet, here is what she shared with me as I made a case for small businesses to get serious about cybersecurity:

“I’m embarrassed to admit in the last year alone I had three attempts at robbing money from my accounts,” she said. “Two of those attempts were stopped by bank protections and the money being transferred out of my account, close to $1 million, was returned to me. I was like, who would come after me? In a way I was in a bubble. But now I feel like everybody’s after me. I feel like I grew up a little bit. So, I hear what you’re saying.”

Take Action to Protect Your Business

It can be overwhelming for SMBs, at first, to consider how to protect their digital infrastructures from cybersecurity attacks. Resources are often an issue, but the challenge may be compounded by a lack of clarity on where to begin.

There are many potential vulnerabilities and breach methods to consider. Vulnerabilities can include or be caused by misconfigurations in the network, reused passwords, unpatched software and, often, the simplest of things, like choosing an effective password or, better yet, passphrase. Attack types vary from phishing, where hackers “trick” users to innocently execute malicious code to distributed denial of service (DDoS) attacks, where a hacker coordinates an array of compromised computer systems to flood the target system with extraneous messages, rendering the target system slow or useless. Ransomware, where hackers take control of the target company’s entire computing system and prevent use of it until a ransom is paid, has also been a scourge to many SMBs.

Oftentimes, SMBs will tell me they are “all set” with security because they bought a firewall, or their friend set something up and tests it once per year. The fact is that security needs are continuously changing with the latest technology and hacker attacks.  A review should be thorough across the entire network: not merely targeted to a specific vulnerability that the firewall or existing security approach covers.

 

Get a professional cybersecurity assessment

We recommend SMBs start with a professional cybersecurity assessment. Cybersecurity experts can quickly determine where systems are vulnerable and make practical recommendations to help SMBs use their resources most effectively. Usually, there are both technology and human behavioral challenges that need to be addressed.

A cybersecurity professional can help ensure your systems have the latest protective technologies, are using up-to-date software and hardware, and are compliant with industry-recognized standards. System software patching, application updates, and system access controls, administration and configuration are all areas that cybersecurity professionals will assess.

The backbone of a company’s digital infrastructure is the network platform where it resides. Cybersecurity professionals can help you protect your network from end-to-end which includes the ingress and egress of data passing to and from the internet and your businesses’ connected devices. And that’s just a starting point.

Human behavior, too, often benignly leads to cybersecurity vulnerabilities. Your employees, whether there are just 2 or 200, may neglect seemingly simple tasks like using strong passwords and changing them frequently. It is also important to educate all employees about the risks of accepting or clicking on attachments contained in emails from unknown parties. This is the source of many system compromises and one of the key underpinnings that enable successful – and damaging – ransomware attacks.

 

Act now

Cybersecurity is a complex topic.  My main advice to small and medium-sized businesses is to act now. Address whatever you can without outside help – password security, checking that your software is up to date, and helping your employees understand the importance of proper cybersecurity awareness. After that, bring in the experts. They can help you identify, protect and, ultimately, understand how important it is to be aware of your cybersecurity “Achilles’ heel.”

There is no time like the present to act on your potential cybersecurity vulnerabilities. The continued growth and existence of your business may depend on it.

1 – Salesforce.com. 2020 Small and Medium Business Trends Report, Fourth Edition. Page 20.

About Stacey Marx 1 Article
Stacey Marx is President, AT&T National Business & Channels, where she leads a talented team of thousands of professionals. Together, Stacey and her team are dedicated to supporting millions of small and medium business customers to help them achieve growth and maximize their potential with technology innovation.