Cyber Security: Get Your Employees on Your Cyber Security Team

Small business owners have more on their plate than ever; foremost, they are just trying to keep the doors open. The coronavirus pandemic has created additional complications in an already stress-filled time for small business owners as they deal with coronavirus-related staffing issues and often outdated IT systems.

What could be the ultimate complication? A cyber attack on their business.

The average cost of a cyber attack has exploded from $34,000 to just under $200,000 per single incident, according to Hiscox’s 2019 Cyber Readiness Report. Hackers know that small businesses generally do not have the security in place to protect against an attack. These threats can come from inside or outside the company, but employees are often the most significant threat for small businesses. They often do not have adequate training, which makes it easier for an attack to get through them and into the company.

One example of hackers taking advantage of an employee’s vulnerability occurred at Wright Hotels, a real estate development firm, where thieves gained access to a company email account. They gathered enough information to successfully impersonate the owner and convince the bookkeeper (via email) to wire $1 million to an account in China, draining the company bank account.

Seventy percent of cyber-attacks rely on phishing emails. They are extremely common, yet employees continue to click on malicious links in emails, opening their company to security threats.

Since the COVID-19 outbreak, we have seen a surge in ransomware attacks, where hackers threaten to release stolen data unless a ransom is paid. There is no way to know if paying will guarantee the release of the decryption key required to restore the victim’s systems. Furthermore, even if the ransom is paid and the systems are restored, the stolen data is likely to be resold on the dark web and used in future targeted attacks.

Ransomware “gangs” are relentless. The UK’s National Cyber Security Centre shares a story of an unnamed UK company that was a victim of a ransomware attack and was forced to pay close to nine million USD to recover its files using the supplied decryptor. The company made a fatal error: it did not examine how its network had been compromised, and it did not secure the network. The same attackers hit the company again just two weeks later, and it was forced to pay another ransom. Unfortunately, double extortion techniques are becoming more common as cyber criminals in this space get more aggressive.