Here’s why SMBs are vulnerable to cyberattacks

Small- and medium-sized businesses (SMBs) are fast becoming the favorite targets of cybercriminals. That’s because SMBs are perceived as having weak IT security and fewer IT staff. While part of this is true, a survey conducted by the Ponemon Institute and sponsored by Keeper Security reported that 60% of security breaches were caused not by hackers, but by employees themselves. The same study revealed that out of 58% of SMB data breaches in the past 18 months, 32% were due to unidentified causes, while 37% were caused by hacking.

It’s worth investigating why SMBs remain vulnerable to attacks. To avoid getting attacked, it’s essential for SMBs to learn what makes them so vulnerable. Here are proven causes of attacks that you can avoid.

Poorly kept passwords

A recent study showed that Ghana lost up to $97 million to cyberfraud from 2016 to 2018. Such an astronomical sum means Ghanaian organizations must invest in stronger IT security systems.

Huge spendings due to cybercrime can be attributed to poor password habits and an overall disregard for IT security. Companies ought to implement rules that say employees must use a trustworthy password manager application instead of writing them down on paper, which can be easily lost or stolen. Most password manager apps don't just store and lock passwords, but they also help create complex passwords.

Keeper Security CEO and Cofounder Darren Guccione adds, “The results of the 2018 State of Cybersecurity in small- and medium-sized businesses study underscore the critical importance of implementing a secure password management solution to protect not only SMBs’ sensitive digital assets, but also their reputation and the longevity of their business operation.” The fact is that there would be fewer data breach incidents if more organizations were to establish a stronger cybersecurity culture and some good, old-fashioned personal accountability.

SMBs are doorways to bigger organizations

Cybercriminals typically attack SMBs to hack into bigger companies’ systems. This happens in cases where a large corporation works with a small organization — a vendor, contractor, or a business partner whom they provide access to their network and sensitive data. When cybercriminals successfully hack into the smaller firms’ systems, it’s only a matter of time before they hack into the large companies’ systems, as well. In other words, SMBs are not always the main target, but only a means to an end. In an article that appeared in CSO, Conventus CTO and managing partner Alex Moss said, “These relationships and requirements create access into the parent organization — the ultimate target."

Cybersecurity is not a priority

Many SMBs also find it hard to provide cybersecurity training for staff, let alone invest in a strong IT infrastructure. Based on the Ponemon study mentioned above, 74% of small businesses lack budget and knowledgeable IT personnel, while 55% of respondents say they are ineffective in spotting critical conditions or are unable to identify potential threats. The shortage in IT skills and anti-hacking software weakens SMBs’ defenses, leading to reputational damage, revenue loss, and failure at legal compliance.

When BYOD is freedom without responsibility

More and more businesses are allowing remote work since mobile devices (smartphones, tablets, laptops) have become fully capable of letting employees work from any location with an internet connection. Remote work is also proving to be cost-efficient because it requires minimal IT infrastructure. What’s more, allowing employees to work from any location can be a win-win solution for both employer and employee; remote work allows employees to be productive no matter where they are. However, a bring your own device (BYOD) policy still raises susceptibility to malware, malvertising,and phishing scams; for instance, if an employee does not practice accountability and fails to lock his device, or worse, loses it, then data loss is simply inevitable.

If your business in Accra needs powerful IT solutions, it is best to consult the trustworthy experts at Zentech. Contact us today!