Research shows that three out of five small businesses close their doors within six months after falling victim to a cyber-attack.
Small businesses are being actively targeted by cyber criminals and many are completely unprepared, NordVPN has warned. Its study of the scale of the threat has found that small businesses are the least prepared for a cyber-attack.
According to a report by Verizon, so far in 2020, 28% of data breaches have involved small businesses, and only 14% of those were adequately prepared to defend themselves. In the UK, there are 5.8 million small private sector businesses with up to 49 employees.
Alarmingly, research by the National Cyber Security Alliance has found that 60% of small companies go out of business within six months of being hacked. Meanwhile, the World Economic Forum has said that cyber-attacks, data fraud and the widespread shift to remote working are the most likely technological risks to businesses during the COVID-19 pandemic.
Juta Gurinaviciute, chief technology officer at NordVPN Teams, said: "It is frightening to see such important economic drivers lagging behind when it comes to adopting strategies for fighting threats. Today, SMEs can be considered the new big target for attacks, yet cyber crime prevention is often neglected within their environment. With millions of employees working remotely, workers are accessing company data without the safety of a fortified corporate network. This has made them easy targets for hackers and scammers."
NordVPN recommends these actions to help small firms to protect their company data:
- Carry out a risk assessment, offer security training to staff and make an incident plan;
- Ensure all devices are protected with strong passwords or biometric identification;
- Devices should operate on a platform that can be remotely tracked and deactivated in the event of loss or theft;
- Employee passwords should be unique and changed regularly, preferably using a password manager;
- Only secure virtual private network (VPN) connectivity should be allowed for remote access;
- Only whitelisted IP addresses or device IDs should be allowed to access systems;
- Treat every email with zero trust;
- Keep servers, workstations and devices up to date;
- Make back-ups and keep them offline;
- Install antivirus software, anti-malware, anti-spyware and firewall software to detect and eliminate threats.
Written by Rachel Miller.