In 2018, data breaches cost U.S. organizations more than $654 billion, according to data from ForgeRock. More than 2.8 billion consumer data records were exposed in 342 breaches, with healthcare, financial services and government most impacted by cybercrime.
In fact, the cost of data breaches in the financial sector increased from $8 million in Q1 2018 to a staggering $6.2 billion in Q1 2019. Just this week, the FTC announced that Equifax will pay up to $700 million in fines and compensation because of a 2017 data breach that affected nearly 150 million people.
While large enterprises often have the budgets and public relations machines to survive these incidents, a data breach is often the beginning of the end for small to midsize businesses (SMBs). Here are the three biggest data security vulnerabilities that SMBs need to assess and correct to minimize risk.
1) Cyberattacks
Cyberattacks come in many forms. You have ransomware, a form of malware that blocks access to your systems and data until you pay a ransom – if the hacker lives up to their end of the deal, which they often do not. Cryptolocker is a ransomware threat that searches for files to encrypt once it infects your Windows PC. Files are then “locked” until you pay for a decryption key.
Most malware attacks originate in phishing emails. Hackers pose as legitimate financial institutions, government agencies, or even senior executives within the same organization. Emails could appear to be from a retailer requesting confirmation of a delivery or a medical provider demanding an overdue payment.
The sender tricks the user into clicking a malicious link, opening a malicious file, sharing user credentials, or handing over sensitive data. With ransomware such as Cryptolocker, the user finds out about the threat immediately. However, other hackers will move unnoticed across the network for long periods of time while stealing or deleting data and looking for new targets.
2) Human Error
Many cyberattacks are the direct result of human error. Cybercriminals have become adept at social engineering – using official logos and persuasive language to trick users into clicking links and opening attachments, even when signs of a phishing email are obvious.
Accidental deletion of emails and files and overwriting data are also common causes of data loss and business disruption. While Microsoft Office 365 and other programs have features that allow you to automatically recover files and emails, items aren’t retained forever. They can be permanently lost after a couple of weeks, depending on your settings.
3) Mother Nature
Believe it or not, damage from floods, heavy winds, and fire is a distant third behind the first two data security vulnerabilities on this list. That’s because cyberattacks and human error can and do occur on a daily basis.
However, the sheer devastation of a natural disaster, even if the odds seem slim, should be enough for SMBs to take the necessary precautions to back up their data to an offsite location, such as the cloud, and make sure they have a reliable disaster recovery plan. A storm doesn’t have to be as big as Hurricane Sandy to inflict irreparable damage on your organization.
You Know the Major Vulnerabilities. Now What?
Perform a comprehensive vulnerability assessment. Have all known security vulnerabilities been patched? Are you running outdated or even unsupported software that hackers are known to target? Do you have solutions in place that are capable of alerting you to potential unknown threats?
Data centers often have various point security solutions added over a number of years, leaving you with a complex collection of security silos that are largely ineffective and difficult to manage. Now is the time to take an advanced, layered approach to security in which all security tools and services are capable of automating routine tasks and communicating with each other.
Finally, train your users. You may never be able to eliminate accidents or careless behavior, but you can certainly minimize risk by educating users about identifying and reporting threats and following security best practices.
SMBs should consider cyberattacks, human error, and natural disasters as a matter of “when,” not “if.” Be prepared for the worst-case scenario instead of assuming it will never happen to you.