In the modern workplace, nearly all organizations, large and small, rely on digital tools to keep their workforce connected – from traditional email to collaboration platforms. However, these mission-critical applications also create new risks for devastating cyberattacks.
While large companies are desirable targets for cybercriminals, small businesses are sometimes seen as easier victims as they typically don’t have the resources to invest in a comprehensive suite of cybersecurity tools or dedicated cybersecurity teams. In addition to their vulnerabilities, small businesses can suffer greater impacts from a cyberattack, as the high cost of recovery could ultimately put them out of business. With this, one could argue that small businesses should pay extra close attention to their cybersecurity defenses. However, Mimecast’s recent research finds they do not.
The report shows that the average total cost of collaboration-tool-based attacks on small organizations was $410,522. Small companies were also the least confident in their cyber readiness compared to companies of other sizes, with only 66% of small businesses feeling their organization is prepared to deal with this type of cybersecurity breach. While some organizations choose to obtain cyber insurance coverage to mitigate risk, Mimecast’s 2023 State of Email Security Report (SOES) shows strong agreement (88%) among organizations inclined to reduce their reliance on these policies that they will need to compensate by investing more in their own cybersecurity defenses.
Although Cybersecurity Awareness Month has come and gone, it is imperative that small business owners take a 360-degree view of cybersecurity and make it a top priority all year long. This includes prioritizing proactive detection of cyber threats, educating employees to detect bad actors, and planning for the potential aftermath of a hack.
#1 Proactive detection of cyber threats
The most effective way to protect your organization from the devastating effects of a cybersecurity breach is to proactively prevent a bad actor from even reaching your employees. According to the SOES report, email remains the primary attack vector for bad actors, and collaboration tools are an emerging attack surface. Phishing, ransomware, social engineering, payment fraud and impersonation are some of the methods used by threat actors to invade inboxes and collaboration tools. With AI, these attacks are becoming increasingly sophisticated in their ability to evade detection, which makes it a priority to choose and invest in the right cybersecurity solution: one that leverages AI to combat AI, from a vendor that optimizes its AI model on a regular basis using large amounts of data as the basis for its tuning. There are several solutions on the market that can proactively identify malicious messages in transit and prevent them from infiltrating employees’ inboxes and collaboration tools. Newer cybersecurity products leverage gateway-less deployment and can be set up in minutes, so leaders aren’t required to shut down work or allocate numerous resources to get a product live. By investing in the right solutions, small businesses can limit cyber threats and save their company from devastating attacks that average . Some cybersecurity solutions are also offered as a managed service, which helps companies offset the administration of critical cybersecurity solutions.
#2 Educate employees to detect bad actors
While cybersecurity solutions can help eliminate threats, it’s important to account for the ones that go undetected and break through to employees. The bad actors that make it this far are highly successful, as human error is a major contributing cause in 95% of all cybersecurity breaches. Smart and customized cyber awareness training is important to ensure employees are vigilant and able to detect a malicious email or message that makes it through. Implementing smarter cyber awareness training can transform a company’s weakest link into its greatest asset, which is essential in fighting against these deceptive techniques. To improve employee security behavior, organizations must captivate their audience with engaging trainings, expose employees to real-world phishing attacks and track the success of the program. Tracking the program’s success can ensure that training sessions have a lasting impact on employees and reveal which pain points further training should focus on, along with specific employees who require additional or specialized training.
#3 Plan for the path forward in the wake of attack
Even with artificial and human intelligence reinforcing a small business’s cybersecurity posture, cyberattacks are still possible and not uncommon. The last element of a 360-degree approach to cybersecurity involves preparing clear steps for how to move forward in the wake of an attack. Having a plan in place can help prevent organizations from making additional costly mistakes post-hack, as these are high-stress situations that require a swift response. This plan should include steps for:
- Surveying the damage done by the attack and taking action to prevent it from worsening
- Keeping a record of all actions taken following the attack to provide visibility to customers, employees and stakeholders
- Notifying customers, employees, stakeholders and other impacted parties
- Analyzing the breach to learn how to better prevent a similar occurrence in the future
Once this plan is in place, small businesses must rehearse and get familiar with it in order to have the most seamless execution should an attack occur. Running tabletop exercises on a regular basis, along with pen testing or other pre-emptive actions, is also a priority.
It’s important that small business owners embrace a 360-degree approach to cybersecurity, as their companies are increasingly vulnerable targets for cyberattacks. As small business owners are responsible for an array of business processes – from hiring to marketing and beyond – it’s understandable that cybersecurity can fall by the wayside on their priority lists. Therefore, it’s essential they take full advantage of resources that can sometimes be overlooked – cybersecurity tools, employees, and key learnings from past experiences. By rallying this coordinated effort, small business owners can ensure they are properly defending against threats that could harm their bottom lines and reputation.
Toni Buhrke is a Director of Sales Engineering at Mimecast with more than 20 years of experience in the cybersecurity industry. Together, Toni and her team are responsible for designing customized email security solutions for Named and Enterprise customers in the Eastern region of the U.S.