Small Businesses Struggling With Cybersecurity

Small to medium-sized businesses are hit with nearly 4,000 cyberattacks per day, and that number is expected to grow. Almost half are likely to fall victim to a cyberattack.

These are among the findings in a study, “Cybersecurity Mistakes All Small Business Employees Make, from Entry Level to the C-Suite,” released by Switchfast Technologies. The Chicago-based IT consulting and managed services provider surveyed over 600 full-time small business employees and 100 C-suite level leaders to uncover why small businesses continue to struggle with good cybersecurity practices.

The study said also revealed despite common misconception, small businesses are prime targets for hackers because of their size. “Thieves aren’t concerned about how big a business is; as long as there is financial gain to be had from stealing, any company is fair game.”

In 2016 alone, over 14 million American small businesses were breached by cybercriminals. And with over 30 million American small businesses that means 46% of all small businesses will likely become a cyberattack victim.

“When cybercriminals strike, it’s often large enterprises that make front page headlines. But don’t be fooled — the small coffee shop down the street and the local grocer are even more likely to be targets for malicious hackers,” the report suggested.

For many organizations, these cyberattacks can be financially devastating; 60% of small businesses suffering a breach are likely to go out of business within six months. From a loss of customers to a damaged credit reputation through defaulted loans, small businesses and their creditors have a lot to lose, and one in three business owners have no safeguards in place to combat a cyberbreach.

The absence of a dedicated IT or security professional leaves small businesses vulnerable to otherwise preventable attacks, like phishing schemes and fraudulent activity. “One IT employee simply isn’t equipped to handle the day-to-day technology responsibilities while running surveillance initiatives to keep the bad actors at bay, and small businesses are taking a huge risk relying on their employees to not fall victim to lurking hackers,” the report warned.

The study also explored how internal behaviors from employees at all levels contribute to the rising number of cyberattacks against small businesses, and how companies can begin to address poor cyber hygiene and mitigate risk.

With activities like electronic wire fraud and phishing scams becoming all-too-common, small businesses need to reevaluate the strength of their existing security protocols. Cybercriminals employ a variety of complex attack methods to exploit business weaknesses. They target employees with bad cyberhygiene, whether it’s the CEO or an intern, bypassing the basic security measures most companies have in place. “Until they recognize they are prime targets for hackers and adjust their security strategies, small businesses will continue to fall victim to rampant cyberattacks,” the report stated.

In addition to a lack of resources, internal disagreements about the severity of cyberattacks complicate the cybersecurity dilemma. Thirty-five percent of employees and 51% of leaders are convinced their business is not a target for cybercriminals, which could explain why small businesses don’t prioritize security education and best practices.

While small businesses can’t influence the activities of criminals, they can take the steps necessary to address poor employee behaviors weakening organizations from within, according to Switchfast, such as regularly updating cybersecurity training, adopting a multi-layered cyberdefense plan, and leveraging third-party security experts.