Here Are 5 Steps to Help Lower Your Risk of Data Breaches
One less-obvious legacy of the pandemic is the legion of new fraudsters it trained. Having extracted more than $163 billion in fraudulent payments in pandemic-era benefits, they’ve moved onto the private sector – and small businesses are a chief target. No business is too small.
Cybercriminals are targeting small businesses with tech-enabled cyberattacks, and their motives are often financial. They’re looking to compromise valuable personally identifiable information to commit identity or business identity theft – or to access a business’s financial accounts directly.
Cybercriminals are equipping themselves with technology to make their jobs easier – but an equal or greater threat are employees and vendors that unintentionally present gateways to intrusion.
As technology advances, so do cyberattack methods, where cybercriminals delight in taking advantage of new tools at their disposal. Even the tools specifically designed to improve security are being abused.
These kinds of attacks sound scary and difficult to defend against, but a small business can remain aware of the threats and effectively concentrate on the most-needed areas. Though sophisticated Cobalt Strike and similar attacks capture headlines, it’s often the “human attack surface” that poses the greatest threats. The majority of data breaches (85%) can be traced back to the compromise of company and vendor employees, in which their already-compromised identities provide easy access points.
The reality is that given enough time and resources, a dedicated thief can get around most security shields. But what they’re really looking for is low-hanging fruit, hoping to exploit common mistakes many small businesses make.
You can make your organization far less inviting by adopting five practical best practices.
Amid inflation, labor shortages, ongoing supply chain issues and an uncertain economy, few small businesses place cybersecurity at the top of their concerns. But unlike these other concerns, there are many constructive things businesses can do to evade the crosshairs of cybercriminals. Simple, concrete actions can be some of the most meaningful.
This article originally appeared in the Daily Business Review’s ALM/Small Business Advisor on Law.com