Why Aren’t Small Businesses Doing More to be Cyber-Secure?

Why Aren’t Small Businesses Doing More to be Cyber-Secure?

Cybersecurity is a popular subject. It’s talked about endlessly online and in the media, and with good reason: cyberattacks are targeting businesses every day with substantial repercussions.

With a constant news cycle highlighting new cybersecurity threats, it can almost desensitize you to the fact that your business is at risk. When you constantly hear discussion around a particular subject, it’s only human to start to tune it out. While it’s understandable to give into that instinct and disregard the news, it can be dangerous to your business.

Why? Small businesses are big targets for cybercriminals. According to The State of Cybersecurity Among Small Businesses in North America report published by the Better Business Bureau, 43% of all cyberattacks were directed at small businesses, yet seven out of 10 small businesses considered it unlikely that they’d suffer a cyberattack (e.g., phishing resulting in stolen credentials, ransomware) in the next 24 months. 

There seems to be a disconnect from the real threat of cyberattacks and the belief that it could happen to my business. While the same report revealed that more than 80% of small business owners were aware of cyber- threats and the potential business impacts of cyberattacks, the urgency to secure their firm doesn’t show. The daily security breaches suggest that many owners fail to implement proper security measures.

What’s holding many small businesses back from investing in their own security? In the Better Business Bureaus (BBB) report, three main reasons for why small businesses haven’t committed to cybersecurity are presented. 

Lack of Cyber-Education

Conceptually, cybersecurity is easy to understand but it gets to be much more complicated once you get into the weeds of how security technology works together. The complexity presents a large barrier to entry for small business, who in many cases lack trained IT professionals. Those that do invest in IT experts still need to invest resources into keeping their professionals well-informed on the always-changing cybersecurity landscape.

As stated in the BBB report, cybersecurity is a complex topic, and the findings suggest that additional education and awareness efforts focused on smaller businesses are needed and would progress cybersecurity practices in the marketplace. There is still much that can be done to educate, support and encourage small businesses to be more cyber-secure, to dispel inaccurate understandings of potential cybersecurity impacts, and to help make cybersecurity a top priority for smaller organizations. 

One way to increase widespread cybersecurity education is to require relevant accreditations or certifications. Requiring professional certifications by employees ensures that at least one person in the business has had training on cybersecurity best practices. Obviously, it would be up to small businesses to provide the training opportunity to employees but it would be to the benefit of both the employees and the business. Showcasing to the public your organization’s efforts to better safeguard customers’ data by certifying employees wouldn’t be a bad marketing message to share, either. 

Lack of Resources

Unsurprisingly, constrained resources can hold small businesses back from implementing cybersecurity best practices. For many, money is too finite to invest in the necessary percussions. According to Frank Sorrentino of Forbes, this is why small businesses have become a main target for cyber-attacks. Thankfully, there are still steps a company can take that will make a big difference in security without spending a lot of money.

One thing that can be done without much money, as we touched on above, is education. There are endless free online resources dedicated to educating the world on cybersecurity. Taking time to educate yourself and employees will go a long way in securing your SMB. Sorrentino writes that providing rudimentary information about cyber safety and best practices – and arming employees with a few quick tips like the following – can help prevent avoidable security incidents: 

  • Learn to identify harmful “phishing” emails by looking out for incorrect grammar and inaccuracies in the message body, and place your mouse pointer over any link to verify the URL before clicking.
  • Don’t use bookmarks or web browser shortcuts – attackers can make modifications on the back end so it links somewhere else. Instead, open your internet search and type in exactly what you’re looking for.
  • When you’re working remotely, never use public Wi-Fi. You might think your local coffee shop is safe, but shockingly, these hotspots are often unmanaged and highly insecure, leaving your computer or device vulnerable to an attack. Be aware of hacking risks to your smart phone via SMS texting, voicemail, apps and Bluetooth as well.

Furthermore, taking advantage of security features built into common business applications will go a long way to improve your company’s well-being. Spam filters, customized rules, email encryption safety guards and internet content filters that categorize sites into various classifications do a decent enough job of blocking most malicious types of web traffic. Having employees follow a specific and consistent set of rules when setting up your business’s software security features is an excellent step in the right direction. 

Small adjustments like these can make a big difference in a firm’s security, yet many small businesses leave them on the table.

Lack of Time

Running a small business is a hectic job, with never-ending work needed to keep it afloat. It’s understandable that small businesses might overlook security. Reframing the way you think about the importance of cybersecurity in your organization is critical to ensuring you put in the required efforts to keep your business safe. Consider this: you wouldn’t leave your office’s front door unlocked overnight because you were short on time, right? This is cybersecurity boiled down to its most basic purpose: keeping criminals out. Relegating it to a secondary need is like leaving your company open for criminals to walk in and take what they like.

If that metaphor isn’t convincing enough, cybersecurity, or a lack thereof, can have a big impact on your company’s profits. As stated in the BBB report, nearly 80% of consumers would be likely to walk away from a purchase if a business fails to safeguard their data. Leaving customer data vulnerable can render much of your other work useless.

As you think about making time for cybersecurity, consider this statistic from the State of Cybersecurity Among Small Businesses in North America report: the average cost of a cyberattack for a small or midsize business can be as high as $188,242.30. For many small businesses, this sort of loss would be crippling. This is exactly why time needs to be dedicated to cybersecurity, even if it is just implementation of the best practices listed above.

Still not convinced that your business could be hacked? According the BBB, approximately one out of four businesses suffered one or more cyber-attacks that affected their business in the last 12 months. It is only a matter of time before a cybercriminal looks your way; it’s a good idea to be prepared for when they do.

If you find yourself relating to these reasons for not committing yourself to better cybersecurity practices, take your first step towards educating yourself on important best practices with our free cybersecurity guide for small businesses, which you can download here.

Written by Nik Vargas